X

Security expert dubs July the 'month of browser bugs'

Each day, a prominent security expert will highlight a new vulnerability in a major browser. Happy surfing.

Greg Sandoval Former Staff writer
Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
See full bio
Greg Sandoval
Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers.

HD Moore, the creator of Metasploit Framework, a tool that helps test whether a system is safe from intrusion, has dubbed July the Month of Browser Bugs. Already, the security researcher has featured five security flaws, three for Microsoft's Internet Explorer and one apiece for Mozilla's Firefox and Apple Computer's Safari.

Moore noted that one of the IE bugs appeared to have been recently patched.

"This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure," Moore said on his blog. "The hacks we publish are carefully chosen to demonstrate a concept without disclosing a direct path to remote code execution."

Browser security holes are nothing new, but Moore's repository of flaws shines a light on the problem.

Moore says on his site that he reported two of the IE bugs to Microsoft last March. Microsoft acknowledged that it had been in contact with Moore but downplayed the seriousness of the flaws Moore is publicizing.

"(Microsoft's) investigation has revealed that most issues relating to Internet Explorer in particular will result in the browser closing unexpectedly," the company said in an e-mail statement.

Moore doesn't indicate how many of his published vulnerabilities are critical, but security company Secunia has rated one of the flaws, which Moore calls Internet.HHCtrl Image Property, as highly critical.