General Discussion • Re: Mozilla: Claude uncovered over 100 Firefox bugs + high-severity flaws in 2 weeks
I haven't read the article but these headlines are not to be trusted without actually reading the reports... For example, if I do something like this C code snippet:
CODE:
#include <stdlib.h>
#include <string.h>

/* Copy a_string only when it is non-null and its length is within (0, 30). */
char *dup = NULL; /* written as nullptr in the post; NULL is the C spelling */
if (a_string && length > 0 && length < 30) {
    dup = strdup(a_string);
}
A non-trivial amount of "checkers" will report a security bug because strdup is commonly associated with unbounded memory reading, which can be easily exploited. But anyone reading the code will notice that strdup is called only in a block that's well guarded and cannot be exploited, effectively making the automated security report invalid.
This example is artificial, but the cURL project (you know, the most used tool to make HTTP requests) routinely received this kind of report (i.e., invalid security issues caused by the presence of a function, irrespective of its usage) to the point that they closed their bug bounty program.
If the over 100 bugs are of the same nature, and when investigated they turn out to be invalid, the headline is just marketing.
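To make the post's point about presence-based checkers concrete, here is an added toy comparison (not code from the post, cURL, or any real analyzer): a rule that flags every strdup call, next to a rule that only flags a call whose argument is not covered by an enclosing if-condition. The C snippets are constructed for the demo; the guarded one is the post's example.

```python
import re

# Constructed inputs: the guarded copy from the post, an unguarded call, and a
# call that sits after a guard block has already been closed.
GUARDED = """
char *dup = NULL;
if (a_string && length > 0 && length < 30) {
    dup = strdup(a_string);
}
"""
UNGUARDED = """
char *dup = strdup(a_string);
"""
CLOSED_GUARD = """
if (a_string) {
    log_it(a_string);
}
char *dup = strdup(a_string);
"""

CALL = re.compile(r"\bstrdup\(\s*(\w+)\s*\)")
GUARD = re.compile(r"\bif\s*\((.*?)\)\s*\{", re.S)


def flag_by_presence(src):
    """Naive rule: every strdup call is a finding, whatever its context."""
    return [m.group(1) for m in CALL.finditer(src)]


def flag_unguarded(src):
    """Context rule: strdup(x) is a finding only when no still-open
    `if (...) {` block preceding the call mentions x in its condition."""
    findings = []
    for call in CALL.finditer(src):
        arg = call.group(1)
        before = src[:call.start()]
        guarded = False
        for g in GUARD.finditer(before):
            body = before[g.end():]
            # The block is still open if its '{' has not been balanced by a '}'
            still_open = body.count("{") >= body.count("}")
            if still_open and re.search(rf"\b{re.escape(arg)}\b", g.group(1)):
                guarded = True
        if not guarded:
            findings.append(arg)
    return findings
```

Running both rules over the three snippets shows the presence rule reporting all three while the context rule reports only the two genuinely unguarded calls, which is the triage work the post says the headline skips.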