Hacker Goes Public with Unpatched Browser Bugs
bbmf, Jul 7th, 06, 07:55 PM
A well-known hacker has vowed to disclose the details of at least one browser flaw every day in July as part of a project, called the Month of Bugs, that is designed to draw attention to unpatched security vulnerabilities.
Since the beginning of July, H.D. Moore, a researcher and the creator of the widely used Metasploit security toolkit, has already exposed several unpatched flaws in Internet Explorer, Firefox, and Apple's Safari.
"The vendors have been notified and the time has come to start publishing the results," Moore said in a blog posting. "This information is being published to create awareness about the types of bugs that plague modern browsers, and to demonstrate the techniques I used to discover them."

Bug Infestation


Inspired by the work of another security researcher, Moore wrote a program that could test and gauge the effect of mangled Web page code on leading Internet browsers. Hundreds of crashes later, Moore discovered several dozen flaws, including 50 in Internet Explorer alone.
While Moore has already begun to release detailed data on flaws he identified in the major Web browsers, he noted in his blog that none of the information published during the Month of Bugs would include specifics that could result in malicious attacks or enable a hacker to run unauthorized code on a remote computer.
Even so, the practice of disclosing such flaws to the general public is widely derided by the software companies, who have traditionally argued that it would be more responsible to alert the companies first so they have time to patch the software before those with malicious intent can develop exploits that take advantage of the flaws.

sa: http://www.newsfactor.com/story.xhtml?story_id=44305