Arnaboldi found bugs in the major programming languages JavaScript, Perl, PHP, Python and Ruby, and in all cases, he said the vulnerabilities could expose software written using those languages. To run his test, Arnaboldi created a differential fuzzer, XDiFF, which compares behaviour of different inputs, versions, implementations and operating system implementations of the same piece of software. For this project, he ran XDiFF against JavaScript v8, ChakraCore, Spidermonkey, NodeJS v8 and Node (ChakraCore); PHP and the HHVM variant; Ruby and JRuby; Perl and ActivePerl; and CPython, PyPy, and Jython.
Read more