Full Disclosure mailing list archives

Re: Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED]

From: blah <blah () blakogre com>
Date: Fri, 28 Sep 2007 10:39:10 -0700

IE7 was fine for me, showed up in FF 2.0.0.7

However, I think it's much wider-spread than initially thought.  I
found the same most unsettling results using:
javascript:4.2-0.1
javascript:3.2-0.1
javascript:2.2-0.1

I did not have time to try more, but obviously all of you can see the
possibilities.  Because it appears this works with any number, I've
dubbed it the FIB, (Firefox Infinite Bug).

I think this should get its own exploit category, too, since
assuredly, perhaps one day, this will be exploitable.

On 9/28/07, Steven Adair <steven () securityzone org> wrote:

So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
this just a mistake?

Steven

Actually, I see 5.1000000000000005 in both browsers.

Larry Seltzer
eWEEK.com Security Center Editor


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED] blah (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED] Larry Seltzer (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug [FIB FOUND/CONFIRMED] Susam Pal (Sep 29)