They don’t seem to be using a fuzzer that uses a “smart” way of creating new inputs based on previous inputs that revealed novel execution paths, as done in the AFL fuzzer ( https://en.m.wikipedia.org/wiki/American_fuzzy_lop_(fuzzer) ).
I wonder why that is— that always struck me as a particularly elegant approach, and I know AFL has been used to find tons of bugs in various popular open source projects. There was a popular article on HN a while back where AFL even “learned” how to generate valid JPG image file headers.
The state space is too large for these algorithms to be effective on Firefox as a whole, and there are many libraries we just don't care about when browser fuzzing.
e.g. if AFL/libFuzzer manages to hit a path that makes an input appear as gz encoded, the "novel" zlib coverage is very attractive to the algorithm, but that's a very inefficient way to fuzz zlib.
Most of these libraries are targeted specifically by OSS-Fuzz [0], and their integration into Firefox is fuzzed with libFuzzer using the fuzzing interface Andrei mentioned.
AFL is not that smart. If you only do bit flips on the inputs, then fuzzing a JavaScript engine/DOM engine will take forever. "Domino" (Mozilla internal tool) looks quite powerful as it generates semantically correct DOM. Sadly, it is not open source. Google has a tool designed specifically to fuzz JavaScript engines, Fuzzilli [1], which hackers have been using for bug hunting.
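As an added illustration of the point above (example code written for this thread, not code from Domino, Fuzzilli or AFL), here is a tiny grammar-based generator for a constructed DOM-manipulation snippet language next to a plain bit-flip mutator, with a syntax checker to compare how often each strategy yields input the target would even parse:

```python
import random
import re

# Constructed toy grammar: a few DOM statements. Nonterminals are <...>.
GRAMMAR = {
    "<prog>": [["<stmt>"], ["<stmt>", "\n", "<prog>"]],
    "<stmt>": [["var ", "<id>", " = document.createElement('", "<tag>", "');"],
               ["document.body.appendChild(", "<id>", ");"],
               ["<id>", ".setAttribute('", "<attr>", "', '", "<val>", "');"]],
    "<id>": [["a"], ["b"], ["c"]],
    "<tag>": [["div"], ["span"], ["iframe"]],
    "<attr>": [["id"], ["class"], ["src"]],
    "<val>": [["x"], ["y"], ["about:blank"]],
}

# Syntax checker for the toy language: every line must be one whole statement.
STMT_RE = re.compile(
    r"^(var [abc] = document\.createElement\('(div|span|iframe)'\);"
    r"|document\.body\.appendChild\([abc]\);"
    r"|[abc]\.setAttribute\('(id|class|src)', '(x|y|about:blank)'\);)$")


def generate(symbol="<prog>", rng=random, depth=0):
    """Expand a nonterminal into a program; every output is valid by construction."""
    if symbol not in GRAMMAR:
        return symbol  # terminal text
    choices = GRAMMAR[symbol]
    if depth > 6:  # cap recursion so <prog> cannot grow without bound
        choices = [choices[0]]
    return "".join(generate(s, rng, depth + 1) for s in rng.choice(choices))


def is_valid(program):
    return all(STMT_RE.match(line) for line in program.split("\n"))


def bit_flip(program, rng=random):
    """AFL-style dumb mutation: flip one random bit of one random byte."""
    data = bytearray(program.encode())
    data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    return data.decode("latin-1")


def validity_rate(mutator, n=200, seed=1):
    """Fraction of n mutated programs the checker still accepts."""
    rng = random.Random(seed)
    seeds = [generate(rng=rng) for _ in range(n)]
    return sum(is_valid(mutator(p, rng)) for p in seeds) / n
```

Grammar-driven regeneration keeps every input parseable, while most single bit flips land inside a keyword and produce something the parser rejects before any interesting engine code runs.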
I believe they use libFuzzer to test isolated components [0], but it seems like they wanted to specifically focus on browser fuzzing for this post (it's probably more interesting, too).
It depends on which branch you checked out before you built. By default you'll normally end up with a checkout of 'mozilla-central', in which case it will use a separate profile.
Well, let's ask. "Hey Google, is what is AI used in?". My Google Home responded that AI is used in virtual assistants and autonomous flying among other things. She sent me a link with more info on my phone. So it sounds like it might have some other uses :P
10,000 people working on Alexa and every time I use my Firestick it can't even search the right data, that's before we even start talking about the voice recognition quality. I wish we had virtual assistants so it could tell me a media player that actually works like it's 2021.
A good fuzzer would probably replace a few hundred of these workers.
I'm aware 10,000 workers is part hyperbole and mostly not coders, more like HR, managing, translations and marketing, but I'm pretty sure you could kill off 100 people without hurting the product given how it stands, so even if the fuzzer did nothing it could replace 100 people.
But it could test UI, both voice and graphical, test inputs, test the codebase, test load balancing, find security issues; it could help with marketing and translations. I also think a fuzzer could beat a manager at doing their job, but that's probably cynicism. You'd be better off using the fuzzer to get useless managers re-assigned.