Mozilla helps Opera in fixing JavaScript bugs

Jesse Ruderman has written his own JavaScript compiler/decompiler fuzzer for testing the JavaScript engine in Firefox. However, since the findings of this tool can be useful to any browser vendor, he was happy to share it with anyone, including Apple and Opera.

This fuzzer, called jsfunfuzz, tests the JavaScript engine by exercising a large number of standard language functions in different ways, and also by deliberately introducing errors. On his blog, Jesse reports that around 280 JavaScript bugs were found in Firefox, of which 2/3 have already been fixed. There were even a dozen memory safety bugs that were likely to be exploitable to run arbitrary code.
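To make the approach concrete, here is a small sketch of the idea described above, added for illustration; it is not jsfunfuzz's code, and the grammar and the names `expr`, `stmt`, `mutate` and `fuzz` are assumptions. It generates random function bodies, deliberately breaks some of them, and reports a finding when the engine fails with anything other than a clean `SyntaxError`, or when it cannot recompile the source text it reports for a function it accepted.

```javascript
// Added example, not jsfunfuzz code. Generated programs are compiled, never executed.
function rng(s) {                          // mulberry32: small deterministic PRNG
  return () => {
    s = (s + 0x6D2B79F5) >>> 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const pick = (r, xs) => xs[Math.floor(r() * xs.length)];
function expr(r, d) {                      // always syntactically valid
  if (d <= 0 || r() < 0.3) return pick(r, ['a', 'b', '0', '1.5', 'null', 'this']);
  const e = () => expr(r, d - 1);
  switch (pick(r, ['bin', 'un', 'cond', 'call'])) {
    case 'bin': return `(${e()} ${pick(r, ['+', '-', '*', '<', '===', '&&'])} ${e()})`;
    case 'un': return `(${pick(r, ['-', '!', 'typeof '])}${e()})`;
    case 'cond': return `(${e()} ? ${e()} : ${e()})`;
    default: return `a(${e()}, ${e()})`;
  }
}
function stmt(r, d) {                      // always syntactically valid
  const s = () => stmt(r, d - 1);
  switch (d <= 0 ? 'ret' : pick(r, ['var', 'if', 'try', 'for', 'ret'])) {
    case 'var': return `var x = ${expr(r, 3)};`;
    case 'if': return `if (${expr(r, 3)}) { ${s()} } else { ${s()} }`;
    case 'try': return `try { ${s()} } catch (e) { ${s()} }`;
    case 'for': return `for (var i = 0; i < 3; i++) { ${s()} }`;
    default: return `return ${expr(r, 3)};`;
  }
}
function mutate(r, src) {                  // intended errors: drop a char or add a stray token
  const at = Math.floor(r() * src.length), tail = src.slice(at);
  return src.slice(0, at) + (r() < 0.5 ? tail.slice(1) : pick(r, ['(', '}', 'var ']) + tail);
}
function fuzz(seed, iterations) {
  const r = rng(seed), out = { compiled: 0, rejected: 0, findings: [] };
  for (let n = 0; n < iterations; n++) {
    let fn, body = r() < 0.3 ? mutate(r, stmt(r, 3)) : stmt(r, 3);
    try { fn = new Function('a', 'b', body); } catch (err) {
      if (err instanceof SyntaxError) out.rejected++;   // clean rejection is the expected outcome
      else out.findings.push({ body, problem: String(err) });
      continue;
    }
    out.compiled++;
    const text = fn.toString();            // the engine's own source text for the function
    try {                                  // the engine must accept and reproduce its own output
      if (new Function(`return (${text})`)().toString() !== text) out.findings.push({ body, problem: 'unstable round trip' });
    } catch (err) { out.findings.push({ body, problem: `own output rejected: ${err}` }); }
  }
  return out;
}
```

On a healthy engine `fuzz(1, 300)` returns an empty `findings` list; any entry carries the generated body needed to reproduce the failure.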

In conjunction with the announcement of the tool, Opera released a new weekly build which fixes four JavaScript crasher bugs, of which one was a potential security issue.

Update: Though only indirectly related, this story is very interesting: Mike Shaver from Mozilla Corp. states that they can fix security issues in ten days. Whether or not they can make it, since patching, testing and releasing take quite some time, it does make clear that they take security very seriously, even though they have been slower lately.


I think, I couldn't agree more, you've spoken out my mind too... :)
