We're all very well aware of the security issues that plague modern browsers. While IE tends to get singled out as the most insecure, all popular browsers often have vulnerabilities discovered for them that require patching. To help bring awareness to the situation, a black-hat security expert who does work on the Metasploit
project is committing to release a new exploit for a major browser every day this month. H.D. Moore is using July as his “Month of Browser Bugs”
. So far, he's been able to do it, with a new exploit revealed each day.
Some may debate the merits of his actions, thinking that someone with that type of knowledge should bring it to the browser developers attention rather than release it to the public. Since it is unlikely that he is working around the clock to find a new bug every 24 hours, odds are there is a known list of vulnerabilities not discovered by the developers yet which he is releasing bit by bit. He has a bit of a disclaimer for himself and those who are working on this with him, to make it seem that his actions are not dangerous:
"The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution," Moore wrote.
intends to work out some form of communication between himself and browser developers. It'll be interesting to see if anything released from his group turns out to be a showstopping flaw.