Mozilla’s Security Tools for Firefox 2.0 Will Not Impact Internet Explorer
Mozilla offered official assurance of the fact that the security tools released for Firefox 2.0 will not impact rival browsers. Internet Explorer, Opera and Safari are not affected by the open source security utilities built especially for Firefox. Furthermore, Microsoft, Apple and Opera all gave their O.K. for the release of the JavaScript fuzzer for Firefox 2.0 after Mozilla submitted the tool to its competitors for evaluation. In this manner, Mozilla ensured that the fuzzer would not lead to the discovery of security vulnerabilities and subsequent exploits in competitor products.
During the “Building and Breaking the Browser” session at Black Hat 2007 in Las Vegas, Window Snyder, the Director of Ecosystem Development at Mozilla Corporation, together with Mike Shaver, co-founder of the Mozilla project, presented security tools used to bulletproof the open source browser. “We discussed the methods and tools that Mozilla uses to secure the Firefox browser. These tools include a fuzzer for JavaScript, which has led to the discovery and resolution of dozens of critical security bugs. Fuzzers are tools that generate a large amount of input in order to test the robustness of a piece of software and can be used to identify potential vulnerabilities. This is the tool we discussed in our presentation, the first in a series of security tools that we intend to make publicly available,” Snyder revealed.
Essentially, the fuzzer builds random strings of JavaScript statements and expressions and bombards the JavaScript engine with them as input. The input, which is sometimes malformed with syntax errors, is delivered to the engine as functions. The tool's role is to automate the process of sniffing out security flaws. Microsoft, Apple and Opera all received versions of the fuzzer beforehand.
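An added example (not Mozilla's fuzzer and not code from the original article) of the approach described above: it builds random statements from a small grammar, drops one character from about one case in five to malform it, and hands each string to the engine as a function body. The grammar, the function names and the outcome labels are assumptions made for this example.

```javascript
// Added example, not Mozilla's fuzzer. All names here are this example's own.
// Seeded generator (LCG): a case that misbehaves can be rebuilt from its seed.
function prng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 4294967296;
}
const pick = (rnd, xs) => xs[Math.floor(rnd() * xs.length)];
const dropChar = (s, i) => s.slice(0, i) + s.slice(i + 1);
const ATOMS = ["x", "y", "0", "1e308", "NaN", "''", "null", "undefined", "[]", "({})"];
const BINOPS = ["+", "-", "*", "%", "<<", ">>>", "===", "&&", "||", "in", "instanceof"];
const UNOPS = ["!", "~", "typeof", "void"];
// No loops and no callable values in the grammar, so every generated function terminates.
function genExpr(rnd, depth) {
  if (depth <= 0 || rnd() < 0.3) return pick(rnd, ATOMS);
  const sub = () => genExpr(rnd, depth - 1);
  return pick(rnd, [
    () => `(${sub()} ${pick(rnd, BINOPS)} ${sub()})`,
    () => `${pick(rnd, UNOPS)}(${sub()})`,
    () => `${sub()}[${sub()}]`,
    () => `(${sub()} ? ${sub()} : ${sub()})`,
  ])();
}
function genStmt(rnd, depth) {
  const body = () => (depth > 0 ? genStmt(rnd, depth - 1) : ";");
  return pick(rnd, [
    () => `x = ${genExpr(rnd, 2)};`,
    () => `if (${genExpr(rnd, 2)}) { ${body()} } else { ${body()} }`,
    () => `try { ${body()} } catch (err) { y = err; }`,
    () => `return ${genExpr(rnd, 2)};`,
  ])();
}
// Hand one source string to the engine as a function body; classify the outcome.
function runCase(src) {
  let fn;
  try { fn = new Function("x", "y", src); }
  catch (e) { return e instanceof SyntaxError ? "rejected" : "unexpected"; }
  try { fn(); return "ran"; }
  catch (e) { return e instanceof Error ? "threw" : "unexpected"; }
}
function fuzz(seed, n) {
  const rnd = prng(seed);
  const tally = { ran: 0, threw: 0, rejected: 0, unexpected: 0 };
  for (let i = 0; i < n; i++) {
    let src = genStmt(rnd, 2);
    // Malform about one case in five by deleting a single character.
    if (rnd() < 0.2) src = dropChar(src, Math.floor(rnd() * src.length));
    tally[runCase(src)]++;
  }
  return tally;
}
```

A crash or hang in the engine would take this process down with it, so a production harness runs each case in a child process with a timeout and records the seed.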
“The responsible sharing of security tools is an important way to contribute to the overall health of the web. We worked with Microsoft, Apple, and Opera to reduce the possibility that this tool might adversely affect users of those browsers. All of these browser vendors reviewed the tool and let us know that they were okay with the release,” Snyder added.
Asa Dotzler on 06 Aug 2007 at 8:28 pm #
This is not quite correct:
“Mozilla offered official assurance of the fact that the security tools released for Firefox 2.0 will not impact rival browsers. Internet Explorer, Opera and Safari are not affected by the open source security utilities built especially for Firefox.”
The Opera Desktop team has already thanked Mozilla for the tool because it helped them discover at least 4 flaws in their JavaScript implementation, at least one with security implications.
The tool can be used to find flaws in other browsers’ JS implementations but Mozilla made the tool available to the other browser teams with plenty of lead time so they had a chance to find and fix any problems before the tool was released. Just as there is responsible disclosure of security flaws, so should there be with disclosure of security tools. We think, and the other vendors agreed, that our release was responsible, and even better, it was helpful.
- A