"Codenomicon Lab's core focus is to empower the decision makers to provide better quality software and better quality products"
Codenomicon Labs
Web Browsers
Whitepaper on Browser Fuzzing
In this whitepaper we describe how robustness testing techniques can be used to assess the security and robustness of internet browsers. In a case study, we analyze the robustness of five major browsers. In the tests, potential attack scenarios are simulated by sending anomalous inputs to the tested browsers using a robustness testing method called fuzzing.
None of the browsers passed the tests.
> Download the whitepaper here
Results
| Result | Product Name | Version | Operating System | Tested Protocols |
|---|---|---|---|---|
| | Chrome | 3.0.195.38 | Windows 7 | HTTP, SSL/TLS, XML |
| | Opera | 10.10 | Windows 7 | HTTP, SSL/TLS, XML |
| | IE 8 | 8.0.7600.16385 | Windows 7 | HTTP, SSL/TLS, XML |
| | Firefox | 3.5.6 | Windows 7 | HTTP, SSL/TLS, XML |
| | Safari | 4.0.4 | Windows 7 | HTTP, SSL/TLS, XML |
Results definition: The Verdict
| Result | Description |
|---|---|
| | Excellent: Browser did not care about the malicious content at all, and user was fully protected. |
| | Good: The browser might have had issues, but the user was given a chance to protect himself. The browser recognized the potentially malicious content and asked the user whether he wanted to view it, and crashed or jammed only after the user requested to proceed. |
| | Bad: The user has no means of protecting himself from the attack. The browser clearly had issues, but was able to handle them in such a manner that the entire web browsing experience was not hindered. A browser window or tab crashed or jammed. |
| | Ugly: The user has no means of protecting himself from the attack. The browser clearly had issues, and all browser processes crashed; or the entire browser jammed and the only recovery solution was to restart the browser. |