Microsoft not only not acknowledging security problems, but asking them not to be disclosed after several months of inaction.<p>Search engine hits to this guy's site indicate that these problems are being independently discovered by people based in China.<p><a href="http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt" rel="nofollow">http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt</a><p>Bugs in all other browsers, although with better responses it seems. Interesting problems to solve here, both technically and socially.<p>---<p>This guy's blog is great, read more of it! Some recent articles:<p><a href="http://lcamtuf.coredump.cx/electronics/" rel="nofollow">http://lcamtuf.coredump.cx/electronics/</a> - geek's guide to electronics for programmers who don't know this stuff<p><a href="http://lcamtuf.coredump.cx/word/" rel="nofollow">http://lcamtuf.coredump.cx/word/</a> - cool physical project - threat level indicator<p>---<p>Author Wikipedia page:<p><a href="http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski" rel="nofollow">http://en.wikipedia.org/wiki/Micha%C5%82_Zalewski</a>
Sadly you don't need a fuzzer to crash adobe flash (at least on x86_64 linux). A few hours browsing top-25 websites normally does the trick.<p>There is a big reason Chrome sandboxes plugins, and its named "Adobe".
Although MS' reaction does appear to be irresponsible, a browser crash is hardly the worst security issue I can imagine. If that's all this guy is finding -- it's all he mentions in his post -- then this sounds more like security for security's sake than anything practical.