The state space is too large for these algorithms to be effective on Firefox as a whole, and there are many libraries we just don't care about when browser fuzzing.
E.g., if AFL/libFuzzer manages to hit a path that makes an input appear as gz encoded, the "novel" zlib coverage is very attractive to the algorithm, but that's a very inefficient way to fuzz zlib.
Most of these libraries are targeted specifically by OSS-Fuzz [0], and their integration into Firefox is fuzzed with libFuzzer using the fuzzing interface Andrei mentioned.
0: https://google.github.io/oss-fuzz/
AFL is not that smart. If you only do bit flips on the inputs, then fuzzing a JavaScript engine/DOM engine will take forever. The "domino" (Mozilla internal tool) looks quite powerful, as it generates semantically correct DOM. Sadly, it is not open source. Google has a tool designed specifically to fuzz JavaScript engines, Fuzzilli [1], which hackers have been using for bug hunting.
[1]: https://github.com/googleprojectzero/fuzzilli