At the Black Hat conference this week, Mozilla announced a new tool called jsfunfuzz that was developed by their very own Jesse Ruderman. Developers can use it to test the JavaScript engine for both stability and vulnerabilities. Here’s what Mozilla had to say about it:

The responsible sharing of security tools is an important way to contribute to the overall health of the web. We worked with Microsoft, Apple, and Opera to reduce the possibility that this tool might adversely affect users of those browsers. All of these browser vendors reviewed the tool and let us know that they were okay with the release.

The great news is that Mozilla isn’t the only one benefiting from it! Opera posted version 9.23 Beta today that fixes four bugs that caused crashes, and one that could have compromised the security of the browser. All five of those problems were found using the jsfunfuzz tool that Mozilla announced and released to the public.

Of course, the tool was developed by Mozilla, so you would expect it to help them the most…and it has. Using it, they’ve found 280 bugs in Firefox’s JavaScript engine, about two dozen of which could have been exploitable. More than two-thirds of those bugs have already been fixed, and they’re working on nailing down the rest.

So even if you aren’t using a Mozilla-based browser, I think we all owe Mozilla a big thanks for making this tool available to the public!