Closed
Bug 323500
(cssgen)
Opened 19 years ago
Closed 5 years ago
[meta] cssgen fuzzer
Categories
(Core :: Fuzzing, defect)
Core
Fuzzing
Tracking
()
RESOLVED
FIXED
People
(Reporter: jruderman, Assigned: jruderman)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: meta, sec-other, Whiteboard: [sg:nse] meta)
Attachments
(1 file)
|
(deleted),
text/html
|
Details |
This fuzz-testing tool generates random CSS rules and puts them with a small, static bit of HTML. It includes ideas from bug 306939 and bug 321107.
To use, save cssgen.html as a local file, then load
cssgen.html?seed=1
or
cssgen.html?seed=1&action=scan
Its intended strengths are:
* Finding bugs that only happen if the HTML+CSS is present in the initial document. (For example, :first-letter support in Gecko is not dynamic.)
* Testing pseudo-elements such as :before and :first-letter.
So far, it has found a few assertions, but no crashes or other types of bugs.
|
Assignee | |
Comment 1•19 years ago
|
||
|
|
Assignee | |
Updated•19 years ago
|
Whiteboard: [sg:nse] meta
|
|
Assignee | |
Updated•19 years ago
|
Alias: cssgen
|
|
Assignee | |
Comment 2•19 years ago
|
||
::-moz-focus-inner is repeated in pseudoElements. The second should be ::-moz-focus-outer.
|
||
Comment 3•18 years ago
|
||
Shouldn't have security bugs assigned to nobody. Jesse can own his test bugs
Assignee: nobody → jruderman
|
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
||
Updated•8 years ago
|
Component: Tracking → Platform Fuzzing Team
|
||
Comment 4•5 years ago
|
||
No new bug for 14 years, I think we can close it
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
Summary: cssgen fuzzer → [meta] cssgen fuzzer
|
|
||
Updated•4 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•