Researcher Promises Browser Bug-A-Day

A security researcher has promised to release one browser vulnerability each day for the next month as part of his self-proclaimed "Month of Browser Bugs."

H.D. Moore, the lead developer for the Metasploit Framework open-source exploit project, and someone who regularly comes up with attack code, wrote on the group's blog that he intends to issue at least one Web browser flaw each day during July.

"The vendors have been notified and the time has come to start publishing the results," Moore said.

The five bugs posted as of Wednesday to yet another blog include three within Internet Explorer, one in Firefox, and another inside Apple's Safari browser.

As security vendor Symantec pointed out to its DeepSight alert system customers on Monday, Moore didn't initially spell out whether any of the flaws he intended to release had been fixed. As of Wednesday, however, Moore noted that one of the IE vulnerabilities and the Firefox bug have been patched.French bug tracker FrSIRT has posted alerts on some of the browser bugs. Its warning on the Safari flaw -- the most recent disclosed by Moore -- classified the unpatched vulnerability as "low risk," for example.