A fuzzer aimed at finding vulnerabilities in the DOM has been released. The author says it has already found many vulnerabilities in current browsers.
January 01, 2011
Announcing cross_fuzz, a potential 0-day in circulation, and more
I am happy to announce the availability of cross_fuzz - an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market - many of said bugs exploitable - and is still finding more. The fuzzer owes much of its efficiency to dynamically generating extremely long-winding sequences of DOM operations across multiple documents, inspecting returned objects, recursing into them, and creating circular node references that stress-test garbage collection mechanisms.
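To make the strategy in that paragraph concrete, here is an added example, written for this page and not cross_fuzz's own code: a miniature cross-document DOM-binding fuzzer that enumerates a binding's property surface, calls methods with arguments harvested from every document in play, keeps returned objects so later steps recurse into them, and uses assignments to create circular references. Everything in it (`createFuzzer`, `propertyNames`, the `FakeDocument` stand-ins, the seed and step counts) is an assumption of this example. In a browser it walks the real `document` plus any same-origin iframes; under Node it runs against the constructed stand-in documents, which exist only so the code executes offline.

```javascript
// Added example, not cross_fuzz's own code: a miniature cross-document DOM-binding
// fuzzer built on the strategy the post describes. In a browser it walks real
// documents (the page plus any same-origin iframes); under Node it runs against
// the constructed stand-in documents defined at the bottom.

// xorshift32 PRNG: every run is reproducible from its seed, which is what you
// need to replay the exact sequence that crashed a browser.
function makeRng(seed) {
  let s = (seed >>> 0) || 1;
  return function rng() {
    s ^= s << 13; s >>>= 0;
    s ^= s >>> 17;
    s ^= s << 5; s >>>= 0;
    return s / 4294967296;               // [0, 1)
  };
}

// Own and inherited property names of a binding object, stopping short of
// Object.prototype: for a real node this is the Element/Node/EventTarget surface.
function propertyNames(obj) {
  const names = new Set();
  for (let o = obj; o && o !== Object.prototype; o = Object.getPrototypeOf(o)) {
    for (const n of Object.getOwnPropertyNames(o)) names.add(n);
  }
  return Array.from(names).sort();       // sorted so the sequence depends only on the seed
}

// Short label for the replay log.
function describe(v) {
  if (v === null || (typeof v !== 'object' && typeof v !== 'function')) return String(v);
  return '<' + (v.nodeName || (v.constructor && v.constructor.name) || 'object') + '>';
}

// Small integers only: a huge Array(n) followed by fill/flat can exhaust memory
// before it finds anything interesting.
const PRIMITIVES = [0, -1, 1, 2, '', 'x', 'javascript:alert(1)', null, undefined, true];

function createFuzzer(roots, seed) {
  const rng = makeRng(seed);
  const pool = roots.slice();            // every object seen so far, from all documents
  const trace = [];                      // one entry per operation, for replay
  const pick = (arr) => arr[Math.floor(rng() * arr.length)];
  const pickArg = () => (rng() < 0.4 ? pick(PRIMITIVES) : pick(pool));

  // Returned objects join the pool, so later steps recurse into them.
  function remember(v) {
    if (v !== null && typeof v === 'object' && !pool.includes(v) && pool.length < 1000) pool.push(v);
  }

  function step() {
    const target = pick(pool);
    const names = propertyNames(target);
    const op = { target: describe(target), name: names.length ? pick(names) : null, kind: 'get' };
    trace.push(op);
    if (op.name === null) return;
    try {
      let v = target[op.name];
      if (typeof v === 'function') {
        // Methods get arguments drawn from the whole pool, so a node that belongs to
        // document B ends up inside a method of document A: the cross-document part.
        const args = Array.from({ length: Math.floor(rng() * 3) }, pickArg);
        op.kind = 'call'; op.args = args.map(describe);
        v = v.apply(target, args);
      } else if (rng() < 0.3) {
        // Assignments close loops: storing an ancestor, or another document's node,
        // on a descendant creates the circular references that stress the GC.
        v = pickArg();
        op.kind = 'set'; op.args = [describe(v)];
        target[op.name] = v;
      }
      remember(v);
    } catch (e) {
      op.error = String((e && e.message) || e); // exceptions are expected; crashes are the bugs
    }
  }

  return { run(steps) { for (let i = 0; i < steps; i++) step(); return trace; }, pool };
}

// Constructed stand-ins for two documents so the example runs offline in Node;
// they mimic just enough of the Node interface (type-checked appendChild,
// parent/child links, createElement) to give the fuzzer something to chew on.
class FakeElement {
  constructor(nodeName, ownerDocument) {
    this.nodeName = nodeName; this.ownerDocument = ownerDocument;
    this.childNodes = []; this.parentNode = null;
  }
  appendChild(child) {
    if (!(child instanceof FakeElement)) throw new TypeError('parameter 1 is not of type Node');
    child.parentNode = this; this.childNodes.push(child); return child;
  }
}
class FakeDocument extends FakeElement {
  constructor(url) {
    super('#document', null);
    this.URL = url;
    this.documentElement = this.appendChild(new FakeElement('HTML', this));
    this.body = this.documentElement.appendChild(new FakeElement('BODY', this));
  }
  createElement(tag) { return new FakeElement(String(tag).toUpperCase(), this); }
}

// Demo run: real documents in a browser (use a throwaway profile), stand-ins elsewhere.
function demo(steps) {
  const docs = typeof document !== 'undefined'
    ? [document].concat(Array.from(document.querySelectorAll('iframe'), (f) => f.contentDocument).filter(Boolean))
    : [new FakeDocument('http://a.example/'), new FakeDocument('http://b.example/')];
  const trace = createFuzzer(docs, 1).run(steps);
  return { steps: trace.length, threw: trace.filter((op) => op.error).length };
}
console.log(JSON.stringify(demo(200)));
```

The two things worth keeping from this skeleton when building a real harness are the seeded PRNG with the sorted property list (so a crash is reproducible from a seed and a step count alone) and the shared pool across documents, which is what turns an ordinary DOM fuzzer into a cross-document one. In a browser, expect the run to navigate away, rewrite the page or hang the tab long before it finds anything, which is why the post calls the technique annoying; log the trace to a server or `localStorage` before each step rather than after.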