Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

August 15th, 2007

Opera uses Mozilla fuzzer to find, fix severe browser flaw

Posted by Ryan Naraine @ 8:01 am

Categories: Black Hat, Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Metasploit, Microsoft, Mozilla, Open source, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Symantec, Vulnerability research, Zero-day attacks

Tags: Opera Software, Web Browser, Mozilla Corp., Flaw, Ryan Naraine

In Focus » See more posts on: Black Hat

How’s this for cross-browser cooperation?

Using a JavaScript fuzzer released by Mozilla at Black Hat, Opera’s security team has found and fixed a “highly severe” browser flaw that could be used in code execution attacks.

The problem:

A virtual function call on an invalid pointer that may reference data crafted by the attacker can be used to execute arbitrary code.

The flaw was found with jsfunfuzz, a JavaScript compiler/decompiler fuzzer built by Jesse Ruderman and released earlier this month by Mozilla security chief Window Snyder.

It is the first in a series of security tools that will be released by the open-source group.

Snyder said all the major browser vendors — Opera and Microsoft — were giving the fuzzer ahead of time and they were all comfortable with the idea of making it available to the public.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 6 Talkback(s)

Thread View
Flat View

OTOH: Google is STILL your friend. (Read the rest); Posted by: Jambalaya Breath Posted on: 08/16/07 You are currently: a Guest | Log in | Terms of Use

How nice of Mozilla. Scrat | 08/15/07

why dont ya complain some more? Monkey_MCSE | 08/15/07

Huh? Jambalaya Breath | 08/16/07

Fuzzer? plainstreet@... | 08/16/07

Here's a link to mhenriday | 08/16/07

OTOH Jambalaya Breath | 08/16/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Connecting to Better Customer Service Qwest Communications Build a robust voice and data network infrastructure, and transform customer information and feedback into actionable results. Download Now
Planning Activation in Isolated Environments Microsoft This guide is for IT pros maintaining the Windows? 7 and Windows Server? ... Download Now
Business Value of Windows Server 2008 R2 Hyper-V and Live Migration Microsoft Find out how to reduce space, power and hardware costs in your data center by converting under-utilized physical servers into virtual machines. Download Now

Blogs From Our Sponsors

Top Rated

And the most popular password is...+34 votes
Microsoft readies emergency IE patch to counter public exploits+33 votes
Report: 48% of 22 million scanned computers infected with malware+32 votes
Microsoft says Google was hacked with IE zero-day+31 votes
Microsoft confirms 17-year-old Windows vulnerability+31 votes
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
Bogus IQ test with destructive payload in the wild+22 votes
Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Driving business agility through SOA connectivity and integration IBM Corp. This paper describes some of the business and IT issues that enterprises ... Download Now
A Case Study in Scientific Application Streaming at the Harvard School of Engineering and Applied Sciences Intel The School of Engineering and Applied Sciences (SEAS) serves as the ... Download Now
Volume Activation Technical Reference Guide Microsoft This reference guide is for information technology (IT) implementers whose ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Zero Day

Ryan Naraine and Dancho Danchev

August 15th, 2007

Opera uses Mozilla fuzzer to find, fix severe browser flaw

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

August 15th, 2007

Opera uses Mozilla fuzzer to find, fix severe browser flaw

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads