software testing journal (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} testingsoftware) wrote,@ 2007-08-18 08:55:00 |
|
Testing tool from rival to the rescue
In Information Week there was an article about how Opera had used a security software testing tool from its rival Mozilla. Opera Software found and patched what it's calling a "highly severe" bug in its flagship browser. During the recent Black Hat security conference, the Mozilla Foundation made the JavaScript fuzzer, an open-source application testing security testing tool, available to anyone who wants to use it. Mozilla has been using it to detect and fix dozens of security bugs in Firefox, according Window Snyder, who is head of Mozilla's product security.
Security fuzzers are software tools that test an application for problems like buffer overflows, format string vulnerabilities, and error handling. For example, Mozilla's JavaScript fuzzer recently found 280 bugs in Firefox, 27 of which were exploitable. Now, Opera is putting the testing tool to a similar use and they have publicly thanked Mozilla for providing them the JavaScript fuzzer.
