July 5, 2006 5:15 PM PDT
Security expert dubs July the 'month of browser bugs'
HD Moore, the creator of Metasploit Framework, a tool that helps test whether a system is safe from intrusion, has dubbed July the Month of Browser Bugs. Already, the security researcher has featured five security flaws, three for Microsoft's Internet Explorer and one apiece for Mozilla's Firefox and Apple Computer's Safari.
Moore noted that one of the IE bugs appeared to have been recently patched.
"This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure," Moore said on his blog. "The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution."
Browser security holes are nothing new, but Moore's repository of flaws shines a light on the problem.
Moore says on his site that he reported two of the IE bugs to Microsoft last March. Microsoft acknowledged that it had been in contact with Moore but downplayed the seriousness of the flaws Moore is publicizing.
"(Microsoft's) investigation has revealed that most issues relating to Internet Explorer in particular will result in the browser closing unexpectedly," the company said in an e-mail statement.
Moore doesn't indicate how many of his published vulnerabilities are critical, but security company Secunia has rated one of the flaws, which Moore calls Internet.HHCtrl Image Property, as highly critical.
8 commentsJoin the conversation! Add your comment