Today, Window Snyder and Mike Shaver of Mozilla Corp presented a new tool for the probing of modern browsers. Snyder, the head of Security Strategy and Shaver, Technology Strategist, introduced the tool to the public to encourage faster dissemination of flaws in browsers, in the hopes of encouraging faster fixes. In particular, they pointed out the length of time it takes for flaws to get reported and then fixed, of which they say IE is the worst offender.
The most interesting description of the tool was the protocol fuzzer. Starting with JavaScript, the fuzzer was initially used on Firefox only. By doing a varied assortment of tests, it was able to produce "dozens" of vulnerabilities in the browser. Now it can be moved to other browsers as well, according to them any that use JavaScript. In the future, they also plan to release one for HTTP and FTP as well, and even further from there.
Browser security has been high-profile for several years now. When new exploits are discovered or old ones resurface, everyone hears about it. The sheer amount of flaws in IE6 had a big part in how many people switched to alternatives, primarily Firefox. Will tools like this make browsers as a whole more robust?
The more I use a browser, the more I feel like it is becoming an outdated way of communicating with the rest of the world. Just as the type of content demanded by users has changed over time and the services the net offers change, I think the browsers themselves are all due for more than just a facelift - but an overhaul. Perhaps tools like this are an early way of accelerating the process.