Q&A

Q: Is Grizzly required to reproduce issues that it finds?
A: No. Test cases are intended to be standalone. If problems arise make sure the browser build type is correct and the browser is configured correctly (prefs.js).

Q: Can multiple Grizzly instances be run in parallel?
A: Yes, if your Adapter is multi-process safe, Grizzly is too.

Q: Firefox crashes immediately on launch. What should I do?
A: Verify that the build works standalone and make sure to use a up-to-date prefs.js. PrefPicker can be used to generate prefs.js files for fuzzing.

Q: Which OSs are supported?
A: Currently Linux, MacOS and Windows are supported. Android support is under development.

Q: Which builds are best for fuzzing?
A: ASan builds are typically the best to start with. They can be found here or better yet use fuzzfetch.

Q: Are the Firefox bugs found by Grizzly eligible for a bug bounty?
A: Yes. See the full details here.

Q: Does Grizzly work with browsers other than Firefox?
A: Grizzly is meant to be browser agnostic. At the moment we only provide a Target to work with Firefox. Adding support for other browsers via a Target is possible and encouraged.

Q: Does Grizzly support tools/fuzzers written in languages other than Python?
A: Yes. See here for an example.

Q: How do I get an aggregate report for fuzzing instances?
A: python3 -m grizzly.common.status_reporter --system-report

Q: Can I fuzz other applications that are not browsers, such as the JS shell, etc?
A: No. Grizzly had been built specifically to handle the complexities of browser fuzzing.