Fasten your seatbelts – Browser vulnerability a day to be announced in July
I hope there aren’t too many browser developers that have planned on taking July off….. I ran across browserfun.blogspot.com where it is planned to release information on a web browser vulnerability EACH DAY for the month of July. This comes to us from HD Moore of Metasploit. Judging from This securityfocus article, most of the vulnerabilities may just lead to a browser crash, but some seem to be remote code execution vulnerabilities. Microsoft Internet Explorer is where they found most of them, but other browsers were NOT immune and did find at least one remotely exploitable vulnerability to gain remote access for each browser tested.
Basically, from security focus…. they’ve used fuzzing tools to test browsers. In the past, fuzzing has been used to test network devices and the attention has been more on servers rather than client application. They’ve found over 50 flaws in Internet Explorer. More background on HD Moore’s details on browser fuzzing can be found here. One of the first two already looks fairly serious…. FRSIRT analysis.
BTW on July 11th Microsoft will no longer provide updates for Windows 98/98SE and ME…. I hope the August updates will address some of these issues (I doubt they’ll have patches in by the July patch day.) Of course, keep in mind it’s NOT JUST Internet Explorer that they’ve found vulnerabilities with. (Although it sounds as though most of them are IE vulnerabilities.)