JavaScript fuzzer available

Mike Shaver and I just finished presenting “Building and Breaking the Browser”at Blackhat today in Las Vegas. We discussed the methods and tools that Mozilla uses to secure the Firefox browser. These tools include a fuzzer for Javascript, which has led to the discovery and resolution of dozens of critical security bugs. Fuzzers are tools that generate a large amount of input in order to test the robustness of a piece of software and can be used to identify potential vulnerabilities.

This is the tool we discussed in our presentation, the first in a series of security tools that we intend to make publicly available.

The responsible sharing of security tools is an important way to contribute to the overall health of the web. We worked with Microsoft, Apple, and Opera to reduce the possibility that this tool might adversely affect users of those browsers. All of these browser vendors reviewed the tool and let us know that they were okay with the release.

13 comments on “JavaScript fuzzer available”

  1. Ping from University Update - Firefox - Permanent Link to JavaScript fuzzer available on

    […] Contact the Webmaster Link to Article firefox Permanent Link to JavaScript fuzzer available » Posted at Mozilla Security […]

  2. Ping from Introducing jsfunfuzz · Get Latest Mozilla Firefox Browsers on

    […] wrote a fuzzer called jsfunfuzz for testing the JavaScript engine in Firefox. Window, Shaver, and I announced it at Black Hat earlier today, as part of Mozilla’s presentation, “Building and Breaking the […]

  3. Ping from Both Opera and Firefox Benefit from Mozilla’s jsfunfuzz - CyberNet News on

    […] The great news is that Mozilla isn’t the only one benefiting from it! Opera posted version 9.23 Beta today that fixes four bugs that caused crashes, and one that could have compromised the security of the browser. All five of those problems were found using the jsfunfuzz tool that Mozilla announced and released to the public. […]

  4. Ping from Fuzzer: La herramienta de Mozilla para detectar Bugs… listo para decarga : on

    […] en un anuncio oficial en el blog de seguridad han anunciado que esta herramienta está disponible libre descarga… ¿un arma de doble […]

  5. Ping from Mozilla Releases a (Hot) Fuzzer « Software Battle! on

    […] Read the whole story here. […]

  6. Ping from Security Hub » Blog Archive » Mozilla liberando para o público os seus fuzzers on

    […] momento, a Mozilla já liberou um fuzzer de Javascript. Esta e todas as outras publicações da Mozilla relacionadas à segurança podem ser encontradas […]

  7. Ping from Mozilla Security Blog » Blog Archives » Feedback from Opera on Mozilla JavaScript fuzzer on

    […] JavaScript fuzzer available […]

  8. Ping from Feedback from Opera on Mozilla JavaScript fuzzer · Get Latest Mozilla Firefox Browsers on

    […] JavaScript fuzzer Claudio Santambrogio at Opera posted that they have been running the Mozilla JavaScript fuzzer and as of Friday have found and fixed 4 issues with it. I am thrilled. This is exactly what we […]

  9. Ping from Testear bugs javascript en navegadores, resultados en Opera y Firefox « Dígito Binario - Tecnología Informática on

    […] mientras sigue en desarrollo su nueva versión 3.0, la cual salio la nueva Alpha 7. Luego Mozilla lo puso a disposición para que sea probado en otros navegadores, Opera lo probo y comprobó 4 errores en su motor […]

  10. 小麦 wrote on


  11. Ping from Opera 9.23 update; fixes crash bugs found using Mozilla’s fuzzer tool on

    […] to the Mozilla team for kindly providing this tool Opera. This is the kind of collaboration I love seeing – making the Web more secure for […]

  12. Ping from » Opera uses Mozilla fuzzer to find, fix severe browser flaw | Ryan Naraine’s Zero Day | on

    […] is the first in a series of security tools that will be released by the open-source […]

  13. Ping from aero Blog » Blog Archive » Opera załatana dzięki Mozzilli on

    […] oni stworzyli narzędzie, dzięki któremu błąd został odnaleziony – fuzzer Java Script o nazwie JSFuzzer. Narzędzie to zastało udostępnione na zasadach open-source w czasie konferencji Black Hat w San […]