655 bugs and 71 security issues in Firefox source code

At least in theory...

12:15 pm on Sep 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 11, 2002
votes: 0

US- and Canada-based company "Klocwork" is currently evaluating popular Open Source packages with their source-code analysis tool "K7". One of their projects was to have a look at Firefox:

Overall it is clear that Firefox is a very well written and high quality piece of software. Several builds were performed on the code, culminating in the final analysis of version The analysis resulted in 655 defects and 71 potential security vulnerabilities. The Firefox team has been given the analysis results, and they will determine if or how they will deal with the issues.

The results in a more detailed view: [g2zero.com...]

To me it seems most of the issues are of a theoretical nature. I also trust the core developers to check and fix these issues pretty fast. A similar analysis of the source code of IE would be interesting though, but I doubt we will ever see results of such an analysis.

4:26 pm on Sept 9, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Nov 18, 2003
votes: 0

From my experience using similar static analysis tools on my company's code, I suspect that many of the null pointer dereference issues will never result in a crash -- automatic code analysis overlooks the inherent constraints that the code runs under. I doubt more than 1 or 2 of all of these errors are actually exploitable, in practice.

That's not to say this kind of analysis isn't useful - if this kind of tool raises a warning, it's usually indicative of either a minor bug or programmer laziness.

655 bugs actually struck me as being on the low side for code this size. They must have either severely constrained the kinds of warnings the tool could produce, or most issues typically found by static analysis must have been removed by other, similar tools.
