Closed
Bug 343943
Opened 18 years ago
Closed 2 years ago
[meta] HTML Element and Attribute fuzzer
Categories
(Core :: Fuzzing, defect)
Core
Fuzzing
Tracking
()
RESOLVED
INACTIVE
People
(Reporter: jruderman, Unassigned)
References
(Depends on 34 open bugs)
Details
(Keywords: meta, sec-other, Whiteboard: [sg:nse meta])
Attachments
(3 obsolete files)
This fuzzer creates random HTML elements and attributes, based on a list I made while looking at the HTML 4 and HTML 3.2 DTDs. It also removes attributes, creates text nodes, and does StirDOM-like things. So far, I have discovered six bugs with it: bug 343540, bug 343588, bug 343596, bug 343599, bug 343850, and bug 343940. It requires fuzz.js, which you can get from bug 339948.
|
Reporter | |
Comment 1•18 years ago
|
||
While this fuzzer knows which attributes are typical for each element and which values are typical for each attribute, it violates each of these (picking a random attribute or a value that makes sense only for a different attribute) one fifth of the time.
|
|
Reporter | |
Comment 2•18 years ago
|
||
|
|
Reporter | |
Comment 3•18 years ago
|
||
* Added <marquee> and <blink>. * Made various tweaks that will hopefully result in finding bugs more quickly and having easier reductions.
Attachment #228509 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 4•18 years ago
|
||
Bug 344486 has a similar fuzzer for XUL.
|
||
Comment 5•18 years ago
|
||
I could use this as a 'plugin' for bug 321107 (as many other fuzzers, probably).
|
||
Updated•18 years ago
|
Whiteboard: [sg:nse meta]
|
|
Reporter | |
Comment 6•18 years ago
|
||
Attachment #229055 -
Attachment is obsolete: true
|
|
||
Comment 7•18 years ago
|
||
Shouldn't have security bugs assigned to nobody. Jesse can own his test bugs
Assignee: nobody → jruderman
|
|
Reporter | |
Comment 8•17 years ago
|
||
Comment on attachment 242974 [details] HTML Element and Attribute fuzzer 3.0 New version in bug 339948.
Attachment #242974 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 9•9 years ago
|
||
https://github.com/MozillaSecurity/funfuzz/blob/master/dom/fuzzer/modules/generate-nodes-html.js
Group: core-security
|
||
Updated•8 years ago
|
Component: Tracking → Platform Fuzzing Team
|
||
Updated•2 years ago
|
Summary: HTML Element and Attribute fuzzer → [meta] HTML Element and Attribute fuzzer
|
|
||
Comment 10•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months.
:decoder, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: jruderman → nobody
Flags: needinfo?(choller)
|
||
Updated•2 years ago
|
Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(choller)
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•