NetworkWorld reports that Microsoft is analyzing the bug, and is reviewing the report from Google’s Michal Zalewski. The bug was one of some 100 found by Zalewski using a "fuzzing" tool, according to NetworkWorld.
IE, Firefox, Chrome, Safari and Opera each had vulnerabilities, NetworkWorld added.
NetworkWorld explains that “fuzzing” is “used to locate vulnerabilities and find flaws in code.” By using a fuzzer, researchers can employ a “technique by inputting data into applications or operating system components to see if -- and where -- crashes occur,” NetworkWorld explained.
In addition, Zalewski said the bug, which he describes as an “exploitable vulnerability,” is “independently known to third parties in China,” according to his report on the matter.
On Dec. 30, Zalewski received “search queries from an IP address in China, which matched keywords mentioned in one of the indexed cross_fuzz files.”
“Crucially, the person had no apparent knowledge of cross_fuzz itself, poked around the directory for a while, and downloaded all the accessible files; suggesting this not being an agent of one of the notified vendors, but also being a security-minded visitor,” Zalewski reported. It also leads him to believe there was “an independent discovery of the same vulnerability.”
It appears that Microsoft had asked Zalewski to “delay” the “release of fuzzer” “because of 'PR impact,'” based on a statement in his report.
In another Internet Explorer matter, TMCnet reported that Microsoft has two new security patches, which include software updates to prevent attacks on Windows and Internet Explorer. It appears the security patches were not related to the incidents reported by Zalewski, according to NetworkWorld.
In December, Firefox had 38.11 percent of the European market share, compared to IE's 37.52 percent, said TMCnet.