Codenomicon, a Finnish security company, is warning that all browsers are full of dangerous exploits.
Using a technique called “fuzzing,” in which software is automatically fed malformed or unexpected input, its tools sweep and scan to find all potential exploits. It has high-level government and corporate contracts.
Codenomicon has just released the results of “fuzzing” on the most popular web browsers available – and guess what – they’re no good. Fanboys for Firefox, Opera, Safari and Chrome are being handed a white flag to stop their bickering in terms of security. They’ve all received a “bad” rating or worse.
In fact, Chrome performed the best in Codenomicon’s fuzzing tests.
HTTP, TLS and XML processing were all given robustness tests, though according to Codenomicon, TLS and XML are complex protocols and needed further work. It warns that there are absolutely no false positives in its robustness testing: every exploit found should be treated as critical.
Of the browsers tested, none managed to pass all of the protocol tests. Codenomicon says this means there’s serious room for improvement, not least in XML – where its fuzzers crashed three out of four browsers. Two also had HTTP vulnerabilities.
In the interest of browser security, the results are not attributed to individual browsers by name.
Here’s the whitepaper.
Codenomicon also tested Wireless Access Points, which you can find here.