Skip navigation.

exploreopera

| Help

Sign up | Help

Opera Desktop Team

avatar

Fun with the fuzzer

By csant. Friday, 3. August 2007, 10:42:36

, , ,

Yesterday Mozilla released their jsfunfuzz tool at the Blackhat convention in Las Vegas. The tool is very useful for stress-testing the javascript engine and its stability. While running the tool, we found four crashers - one of which might have some security implications.

Here is a build that should address all of the issues: test it, give it a spin with the tool - and please report any crashers you might find with the fuzzer, and most importantly: send us a crashlog along with it!

Have fuzz fun! And many thanks to Mozilla for sharing their tool.

Download:
Windows MSI
Windows Classic
Macintosh
Unix

Screen reader supportYet another 9.23 build

Comments

avatar
:yes:

I Have fun! all days with opera

By yokey, # 3. August 2007, 11:41:38

avatar
how to execute the fuzzer ???

By jkapsiar, # 3. August 2007, 11:50:10

avatar
*Looks like I have a lot to do this weekend after all* :thumb:

Standing applause to both Opera and Mozilla here :smile:


- ØØ -

By NoteMe, # 3. August 2007, 12:14:10

avatar

Originally posted by Jesse Ruderman@bugzilla:

Now runs in the JavaScript shell. If you want to continue running it in the
browser (which seems slower), create a jsparsefuzz.html file containing just:

<script src="jsparsefuzz.js"></script>



Ready to go fuzzer page

Commented out lines 691, 692 and 695 because Opera doesn't have uneval

By remcolanting, # 3. August 2007, 12:20:18

avatar
What I want is a build that isn't so godawfully slow dealing with Yahoo mail, Gmail, and Slashdot.

Opera is very, very poor at dealing with those sites.

By eblade, # 3. August 2007, 12:40:22

avatar
How long do you think the test should be run? One hour? Or longer? I noticed that some person on mozzila page runs the test overnight.

By Svoboda, # 3. August 2007, 13:03:45

avatar
my browser.js seems to be pretty much empty.

By lamarca, # 3. August 2007, 13:05:08

avatar
Bug in 9.23.
Clicking on external links (from f.eks msn) does not work. An error pops up saying that Opera is already running!

Update:
Works normaly again after a system reboot. :smile:

By hansbendiksen, # 3. August 2007, 13:21:16

avatar
Thanks, now i tryed this new build, i hope encounter no issue (forgime my very horrible english :jester: )

By edupav, # 3. August 2007, 13:27:17

avatar
9.23, Cool. I don't understand that "jsfunfuzz tool" but I installed the build anyway. I hope 9.23 Final to be ready soon for the public.
Maybe it's the same jsfunfuzz tool the reason of Firefox 2.0.0.6 recent update.

By andresruiz, # 3. August 2007, 14:44:57

avatar
@bexs. Did you ever try this userjs: http://my.opera.com/xErath/blog/2007/01/02/the-world-through-a-google ?

By EricJH, # 3. August 2007, 14:54:43

avatar
OK, QQ:

Is this 9.23 weekly or 9.23 official release?

It's second time...

And what was changed in this version? Changelog? 4 crashed bugs fixed or?

By DjiXas, # 3. August 2007, 14:54:54

avatar
andresruiz: no, Firefox 2.0.0.6 was a quick security update (see: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.6), while this is about javascript performance/stability/stuff.

By Stifu, # 3. August 2007, 14:58:55

avatar
@DjiXas
It's never official till it hits the opera.com/download page.

@Captain Stifu
The fuzz thingy is also used to detect security vulnerabilities (as said in the blog, they found one in Opera using the tool).

By Luchio, # 3. August 2007, 15:18:26

avatar
so other then fuzz are there any changes in this version?

By Bill_P, # 3. August 2007, 15:19:25

avatar
Luchio: right... but it still has nothing to do with the latest Firefox update(s). p: (Which were mostly related to the IE vulnerability issue, even though Firefox was also at fault)

By Stifu, # 3. August 2007, 15:29:47

avatar
More problems with Yahoo Panama... Switching to FireFox...

By DjiXas, # 3. August 2007, 15:54:45

avatar
Because Mozilla enjoys a very enthusiastic community of users, it decided to put out tools in the hands of its users that'll help make future releases of Firefox even stronger. After thinking about it, it decided the tools could be used on all browsers, not just its own because many similar vulnerabilities affect other browsers as well. In May, Snyder says Mozilla sent the tools to Microsoft and Opera but did not hear back.


http://www.zdnetasia.com/news/security/0,39044215,62030323,00.htm

What? Opera didnt' respond to Mozilla? Tsk tsk! P:

By mrd, # 3. August 2007, 16:42:17

avatar
mrd, Snyder also said a certain IE bug didn't exist in Firefox (which was wrong), so don't count on her...

By wupperbayer, # 3. August 2007, 16:48:19

avatar
Yea, Opera's JavaScript is a bit faster in this build. Keep up the good work everyone. :wink:

By GT500, # 3. August 2007, 16:52:33

avatar
Re the Javascript comments, could someone clarify this? Isn't Opera's JS supposed to already be faster than the others? Granted, I've seldom seen a heavy JS page in Opera be anything but slow (I even have to disable JS per-site on the worst of them), but how does that reconcile with the claims of some that it has fast JS (Howtocreate, etc)? And if Opera JS is already fast while Web 2.0 sites are widely considered to be slow in Opera, is a new JS rev really going to make a difference? Maybe Opera's JS is fast in benchmarks but slow in the real world?

By rseiler, # 3. August 2007, 17:33:05

avatar
you found four crashers, one of which might have security implications with that tool... and on http://www.squarefree.com/2007/08/02/introducing-jsfunfuzz/ they say

"It has found about 280 bugs in Firefox's JavaScript engine, over two-thirds of which have already been fixed (go Brendan!). About two dozen were memory safety bugs that we believe were likely to be exploitable to run arbitrary code."

So why did you find so significantly fewer crashers and security things in Opera with that tool? Do you have your own fuzzers that allowed you to find other bugs? If so, wouldn't it be fair to share that tool with other browser makers? ... Security sure is a selling point for Opera. But I guess it's in everyone's interest that all the browsers are as secure as possible....

By WildEnte, # 3. August 2007, 18:04:02

avatar
Time for a little fuzzin'.

By kyleabaker, # 3. August 2007, 18:19:06

avatar
Cool new build it's fuzzier.

By intelimac20inch, # 3. August 2007, 18:27:10

avatar
If Opera discover a security issue with this tool, And Official release is close to be published to the for the whole community can be stay secure i hope.

By edupav, # 3. August 2007, 18:29:48

avatar
@WildEnte: good question about the difference in numbers, actually we've no clue. Maybe Opera's JavaScript engine was just a bit more robust for the type of issues the fuzzer tool can find?

I don't know what tools the JavaScript developers are using, but if I am not mistaken we didn't use such Javascript fuzz tools before May, when Mozilla informed us about their tool.

We do use a HTML fuzzer tool, based on the mangleme code that was made public in October 2004. Mozilla uses such a tool as well, AFAIK.

By Rijk, # 3. August 2007, 19:10:52

avatar
Rijk: this reminds me of Asa Dotzler's comments (e.g., recently in comments on operawatch) about Opera not disclosing internally found security leaks. Although I disagree with Mr. Dotzler's tone in discussions, I find his point valid. However,

FF: 280 bugs, ~ two dozen security relevant
Opera: 4 bugs, 1 security relevant
one tool

are pretty nice numbers to throw at people. Where's Daniel Goldman when you need him? (c;=

By WildEnte, # 3. August 2007, 19:22:26

avatar
@Rijk
Thank you for your comment & info :up: !

@wildente
Ignore Aza's blub'n'bla, no marketing need.

By idleskitter, # 3. August 2007, 19:23:02

avatar
just took a look in my mac osX application folder
and found a link to my application folder;
what happend? when i draged and dropped the Opera icon
from the dmg file the application icon mooved, too;
it isn't possible to move only the opera icon.

By spontaneouscombustion, # 3. August 2007, 19:51:37

avatar
@cavalez
Just because other browsers don't always show the scroll bar in textareas that does not validate this as a bug. If you'd like to make your wish more effective then you're posting this in the wrong place. Let me redirect you..wish-list forum. Otherwise you are wasting your time posting requests and wishes here. :wink:

By kyleabaker, # 3. August 2007, 20:21:08

avatar
2cavalez:
>I want right scrollbar in textareas appears only when needed. It looks terrible. For example in this textarea I am writing now.

+1

By consalt, # 3. August 2007, 20:34:39

avatar
The textarea on this page is little to wide...
Quite embarrasing, isn't it? :smile:

By Hades32, # 3. August 2007, 21:07:43

avatar
All posts about Kestrel have been deleted. This is a post about 9.23 (Merlin). Please remain on-topic.

By Junyor, # 3. August 2007, 21:22:15

avatar
Thanx for this build.

By Darken, # 3. August 2007, 21:26:01

avatar

Originally posted by WildEnte:

... Where's Daniel Goldman when you need him?


Daniel's gone on vacation for a week. Assuming he's already on the road, it's doubtful that anything will make it on OperaWatch until he returns. :frown:

By GT500, # 3. August 2007, 21:34:42

avatar
Is it only with me, or typing "g any_word" in adress bar triggers a pricerunner search instead of Google's?

[]s

By SpyMan, # 3. August 2007, 22:25:35

avatar
I also want to know how to run this fuzzer... Homer: Doh!

Is it only with me, or typing "g any_word" in adress bar triggers a pricerunner search instead of Google's?"


Works fine here...

By superenan, # 3. August 2007, 22:28:59

avatar
Junyor: good to hear it...
you might as well tell them 2008 though.. :D

By illiad, # 3. August 2007, 22:36:22

avatar
I don't want to sound too stupid, but does anybody have any clear (i.e. simple) instructions on how to 'run' this tool?

I clicked on this link http://download.remcol.ath.cx/jstest.html -- as posted by remcolanting and Opera started downloading a 'bunch' of 'stuff'. Opera was using 95% of my CPU -- I never let the download complete. Was I executing/running the fuzzy?

Thank you.

By rwf, # 3. August 2007, 22:37:52

avatar
oh, and for all those still complaining about 'bugreports and no reply from opera' here is how MS does it..
( from this blog )
XP has a lot less problems but it's been around a lot longer and had more fixes done. It still pops up error reports that it wants me to send back to Microsoft as recently as 3 days ago. However, I'm not on their payroll, so any information I have is treated in the same fashion MS treats it, no replies, few answers and seldom given with any truth.

By illiad, # 3. August 2007, 22:44:50

avatar
@Junyor
Good to delete all posts about Kestrel, I'm tired of reading a tons of comments asking for Kestrel release.

__


I don't really know how to test that "jsfunfuzz tool" I am not so techie. So I just report what is working or not...by now, everything that used to work...keeps working. I know this is not so helpful. Maybe my post will be deleted by containing the word Kestrel :D

By andresruiz, # 3. August 2007, 22:46:48

avatar
Unfortunately I see that this build is still crashing all the time here... Can anyone browse for some time in Mercado Livre without having Opera crashing? :cry:

By superenan, # 3. August 2007, 23:40:13

avatar
@rwf: The output you see on http://download.remcol.ath.cx/jstest.html is the output of the fuzzer so if you see anything at all, it's running.

If you would like to run it but don't like the high cpu usage you can change the timeout that is used to a higher value. It won't run as often then, saving cpu time.

Save the html file and the js file to the same folder.
setTimeout(testStuffForAWhile, 200);


Change the 200 (milliseconds) to something higher, it's in the js file twice and they're very close together.

By remcolanting, # 3. August 2007, 23:45:29

avatar
@superenan: Mercado Livre (proper url) is working just fine here. Try clearing your cache and/or a clean profile.

By remcolanting, # 3. August 2007, 23:49:05

avatar

Originally posted by illiad:

oh, and for all those still complaining about 'bugreports and no reply from opera' here is how MS does it.. ( from this blog )

Bzzt, there you go again.

What this user is seeing, as he implies, are automated application error reports, basically crash dumps and other machine information that (with your permission) are sent to MS to be used in aggregate for statistical purposes. They've mentioned many times how the data is used, and it's quite valuable to them, since on a worldwide scale it lets them hone in on the most serious problems.

This is not to be confused with what you're alluding to with Opera, which is writing up a bug report and sending it in. That's something else entirely, and for a non-beta product, you go through MS technical support to do it.

If I find any stories about MS starting a genocide in Africa or being responsible for poisoning any municipal water supplies, I'll be sure to let you know.

By rseiler, # 4. August 2007, 00:26:57

avatar
Unfortunately I see that this build is still crashing all the time here... Can anyone browse for some time in Mercado Livre without having Opera crashing?


Never had crashes with MercadoLivre (I'm Brazilian and use this site a lot). The only problem I see is that if you click in a product photo, it opens in a new tab (ok so far), but if you close this tab and click the same photo or in any other, nothing happens.

[]s

By SpyMan, # 4. August 2007, 00:29:39

avatar
Looks like my search.ini was "corrupted", but my custom searches were not lost. :frown:

http://img222.imageshack.us/img222/3497/search2ds5.png

http://img222.imageshack.us/img222/2308/search1jf9.png

Where's my backup CD?...

[]s

By SpyMan, # 4. August 2007, 00:38:34

avatar

Originally posted by superenan:

... Can anyone browse for some time in Mercado Livre without having Opera crashing?


It's appears to be working fine here. I spent several minutes browsing around pages that appeared to be in Spanish (although I have no idea what any of it said), and I didn't have any slow-downs, crashes, or error messages...

By GT500, # 4. August 2007, 01:43:47

avatar
Well, that's too bad, looks like my Opera is the only one that's been crashing since about build 8796... specially in Mercado Livre, but also in other websites.

I already sent them a bug report, but Opera crashes so suddenly that I couldn't give much information... hope they can fix it soon, it's killing me :cry:

By superenan, # 4. August 2007, 03:06:33

avatar

Originally posted by superenan:

Well, that's too bad, looks like my Opera is the only one that's been crashing since about build 8796...


There could be a fix for the problem. Unfortunately it involves wiping out all of the preferences that you've set in Opera, and reverting to the default setup (see third paragraph if this is a problem). Note that any skins or widgets that you had installed will still be there, you'll just have to reactivate them. The same applies if you've changed your toolbar setup (you'll find it in the Advanced Preferences).

Open up opera:about and look under the 'Paths' section for an entry labeled 'Preferences' (should be the top one). It should tell you the location of a file named 'opera6.ini' (which is Opera's preferences file). You need to close Opera, and then delete that file (do not delete it while Opera is open). When you launch Opera again it will create a new 'opera6.ini' file with the default set of preferences.

If you don't want to actually delete the file 'opera6.ini' then you can just move it somewhere else, or rename it (something such as 'opera6.ini.bak'). This way, if resetting your profile doesn't work, then you can always put the old file back in place, and have all of your old settings back. :wink:

Edit: I made a video that covers the basic steps. You can also download it here (you'll need the XviD codec to view it, or something such as VLC Media Player).

By GT500, # 4. August 2007, 03:18:22

1 2 3 Next »

Showing comments 1 - 50 of 139.

Write a comment

You must be logged in to write a comment. if you're not a registered member, please sign up.