Full Disclosure mailing list archives
Re: Firefox 2.0.0.7 has a very serious calculation bug
From: wac <waldoalvarez00 () gmail com>
Date: Mon, 1 Oct 2007 13:27:59 -0400
Hello:

On 9/29/07, Andrew Farmer <andfarm () gmail com> wrote:

> If your bank is doing financial calculations using Javascript in a standard web browser, you have bigger things to worry about than roundoff errors.
Ok, let's explain this with more details because I realize that you got something else (and that might be the case for others). I was not referring to banks performing all of the calculations on the browser. That would be insane because users would be manipulating that for sure, changing a couple of web pages. A bank would not last a single day on the internet in such a case.

I was commenting about some calculations done in your browser so you don't have to make them in your head, your operating system calculator or a pocket calculator. Taxes and other kinds of financial calculations, for example. Hey, I could add a financial calculator on one side of a page so you don't have to pick one. I don't know which calculations you could do; I'm not a banker (not yet; I'll tell you by then). The browser can do that kind of thing better than you. I don't know an exact example but it could be the case. Remember there are a zillion websites out there.

All the bank needs to be sure of is that all of the movements you make do not exceed your balance. If you (or your browser), intentionally or not, perform the calculation wrong... Well... that is your problem. You won't steal money from the bank with that. And that kind of thing is very likely to be put into the browser more and more with AJAX, SilverLight and all of them, just to prevent mistakes in the first place. It is the trend. So a rounding bug in javascript (in such a case) could be really serious.

Also notice that if there is really a problem in the FF javascript engine, it goes beyond the browser. You could run Tamarin, Spidermonkey or Rhino on the server side and perform some processing there with javascript.

http://developer.mozilla.org/en/docs/About_JavaScript

"Another common application for JavaScript is as a (web) server side scripting language. A JavaScript web server would expose host objects representing a HTTP request and response objects, which could then be manipulated by a JavaScript program to dynamically generate web pages."
I based my previous comments on comments from some other persons but not on my tests. I tried this code and it is giving me the same result (5.1000000000000005) in IE 6, FF 2.0.0.7 and Opera 9.23:

    <html>
    <script type="text/javascript">
    a=5.2;
    b=0.1;
    alert(a-b);
    </script>
    </html>

This one is giving me the same numbers too in every browser:

    <html>
    <a href="javascript:alert(5.2-0.1)">arrf</a>
    </html>

So it seems to me that IE is actually performing those calculations with higher precision only when used as a calculator (directly in the address box) but not in javascript code (fortunately). However, let me know if you find something. I'm interested and would like to be aware of it.

As a side comment, I wanted to tell you that what is out there on the internet is not a standard. It is what IE dictates. IE rules the internet whether you like it or not. It comes from a big one and also comes preinstalled. That's why it holds a big share of the market. It prevails and has a lot of pressure on the content published on the internet. As IE adapts to the web, the web also adapts to IE.

As another side comment about the FP math: well, don't worry, I already did that some time ago. While I'm not the expert in numeric math, that was the first part of the first course of numeric math in my second year. A curiosity, and also a very usual mistake, is that in FP math a + b + c is not always equal to a + c + b. You must sort the numbers before doing that and do the calculation from lower to higher if you want the most accurate results. Yes, FP math is tricky sometimes and a lot of care must be taken with it since it is not real math but approximations. For example, sometimes you need to make transformations to equations or use Taylor. It might look boring at first sight but when you look closer you realize that it is very important and catches your eye.

Regards
Waldo Alvarez
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
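
Added example, not part of the original post: the 5.2 - 0.1 result and the order-dependent sum discussed above, next to an exact integer-cents calculation of the kind a page-side financial calculator could use. All function names are hypothetical and the sample values are constructed.

```javascript
// Added illustration; helper names are hypothetical, sample inputs constructed.

// Parse a decimal string such as "5.2" into integer cents without passing
// through binary floating point. Anything that is not a plain decimal
// amount with at most two fraction digits is rejected.
function toCents(text) {
  const m = /^(-?)(\d+)(?:\.(\d{1,2}))?$/.exec(String(text).trim());
  if (!m) throw new RangeError('not a decimal amount: ' + text);
  const cents = Number(m[2]) * 100 + Number((m[3] || '').padEnd(2, '0'));
  if (!Number.isSafeInteger(cents)) throw new RangeError('amount too large');
  return m[1] ? -cents : cents;
}

// Render integer cents back to a fixed two-digit decimal string.
function formatCents(cents) {
  const abs = Math.abs(cents);
  const text = Math.floor(abs / 100) + '.' + String(abs % 100).padStart(2, '0');
  return cents < 0 ? '-' + text : text;
}

// Exact subtraction of two decimal amounts given as strings.
function subtractAmounts(a, b) {
  return formatCents(toCents(a) - toCents(b));
}

// Left-to-right double-precision sum in the order supplied.
function sumInOrder(values) {
  return values.reduce((sum, v) => sum + v, 0);
}

// The same sum after sorting by ascending magnitude, so small terms are
// combined before they meet a term large enough to absorb them.
function sumAscending(values) {
  return sumInOrder([...values].sort((x, y) => Math.abs(x) - Math.abs(y)));
}

console.log(5.2 - 0.1);                      // IEEE 754 double arithmetic
console.log(subtractAmounts('5.2', '0.1'));  // integer-cents arithmetic
console.log(sumInOrder([1e16, 1, 1]), sumAscending([1e16, 1, 1]));
```

Any value computed this way in the page is still only a convenience for the user; the server has to recompute it from the submitted inputs.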