Changes from Version 1 of MoBB

Author: xkovah (IP: 128.237.255.153)
Timestamp: 11/15/06 04:56:24 (4 years ago)
Comment: initial conversion of MoBB.html

  • MoBB

    v v1  
     1 = July 2006 - The Month of Browser Bugs =  
     2 
     3 
     4The Month of Browser Bugs (MoBB) was a project by HD Moore which was undertaken after he became interested in the growing number of browser vulnerabilities. The announcement post on the Metasploit blog can be found [http://metasploit.blogspot.com/2006/07/month-of-browser-bugs.html here]. Details about the bugs were subsequently posted at [http://browserfun.blogspot.com/ browserfun.blogspot.com] which has continued to be a repository for browser-based vulnerability research and disclosure. 
     5 
     6 
     7Overall, the MoBB breakdown for the 31 days of July was 25 IE, 2 Safari, 2 Mozilla, 1 Opera, and 1 Konqueror bugs. Here's another stat I find interesting: I count 21 of IE's bugs as having to do with ActiveX. If you were to strip out this proprietary technology IE isn't looking nearly as bad, and is more on par with the others. The !AxMan ActiveX fuzzer was provided at the end of the MoBB and no doubt there will be more problems found in the future.  
     8 
     9Also it should be underscored that this is the MoBBugs, not Vulnerabilities. At the time of their original post, only 5 were listed as being exploitable or potentially exploitable (Safari !#31, !FireFox !#28 - exploit provided for Windows/Linux/MacOSX! and !#4, and IE !#27 and !#2). However as was already mentioned, an entirely new way to exploit some of the "unexploitable" ActiveX bugs has [http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html been] [http://uninformed.org/index.cgi?v=4&a=5 developed], and only time will tell how creative other people can be for other "unexploitable" bugs. 
     10 
     11 
     12Another useful link about MoBB is the !OpenSource Vulnerability !DataBase blog post about it here: [http://osvdb.org/blog/?p=127 http://osvdb.org/blog/?p=127]
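
Review bot: On line 9, "However as was already mentioned" has no antecedent in this version: nothing earlier on the page mentions a new way to exploit the ActiveX bugs, so the phrase reads like a leftover from the MoBB.html source. Either drop "as was already mentioned" or introduce the technique where line 7 discusses ActiveX. Line 7 also switches to the first person ("Here's another stat I find interesting: I count 21 of IE's bugs ...") with no byline in the page body; attribute the count or reword it neutrally. The link on line 12 repeats its URL as the label after "here:", and line 4 labels its link "here"; descriptive link labels would read better in both places.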