I have been working on doing vulnerability research along with a team of other students over the last semester as part of a graduate course at Arizona State University.
As part of this we selected MuJS as one of our primary targets to investigate. This work ultimately led to commits 94000c669a17a1888d2cdff66116340f0cb3386e f93d24539bc1dc3e8f82ebc6c4e90c3a82adb430 6d1404397f3c3433334418f56048bead007729ac and 7ef066a3bb95bf83e7c5be50d859e62e58fe8515.
These bugs were all discovered through the use of fuzzing with fuzzilli, all using the dockerized setup in this PR.
As we reach the end of the semester, we thought it would be nice to contribute this to MuJS for further use. While fuzzing often requires a decent amount of compute (we ran this setup against MuJS on 40 cores for about 2 months), the bugs in f93d24539bc1dc3e8f82ebc6c4e90c3a82adb430 and 6d1404397f3c3433334418f56048bead007729ac could be detected in less than a minute of running this fuzzer on 1 core.
If you are not interested in merging this into MuJS or would prefer this exists as a separate repository, there's no hard feelings on our end. Alternatively, if you are interested in this, this could likely be furthered with a GitHub action that automatically runs this fuzzer for a short period of time on all new commits / PRs that we would be happy to help setup.
Let me know if you have any questions or thoughts.
Hello,
I have been working on doing vulnerability research along with a team of other students over the last semester as part of a graduate course at Arizona State University.
As part of this we selected MuJS as one of our primary targets to investigate. This work ultimately led to commits 94000c669a17a1888d2cdff66116340f0cb3386e f93d24539bc1dc3e8f82ebc6c4e90c3a82adb430 6d1404397f3c3433334418f56048bead007729ac and 7ef066a3bb95bf83e7c5be50d859e62e58fe8515.
These bugs were all discovered through the use of fuzzing with fuzzilli, all using the dockerized setup in this PR.
As we reach the end of the semester, we thought it would be nice to contribute this to MuJS for further use. While fuzzing often requires a decent amount of compute (we ran this setup against MuJS on 40 cores for about 2 months), the bugs in f93d24539bc1dc3e8f82ebc6c4e90c3a82adb430 and 6d1404397f3c3433334418f56048bead007729ac could be detected in less than a minute of running this fuzzer on 1 core.
If you are not interested in merging this into MuJS or would prefer this exists as a separate repository, there's no hard feelings on our end. Alternatively, if you are interested in this, this could likely be furthered with a GitHub action that automatically runs this fuzzer for a short period of time on all new commits / PRs that we would be happy to help setup.
Let me know if you have any questions or thoughts.
Thanks, Connor Nelson