Full Disclosure mailing list archives
Re: Firefox 2.0.0.7 has a very serious calculation bug
From: "Jimby Sharp" <jimbysharp () gmail com>
Date: Sat, 29 Sep 2007 19:11:53 +0530
Go and read floating point math. On 9/29/07, wac <waldoalvarez00 () gmail com> wrote:
Many bugs are security related (I would say all). How it is security related? Think. What happens if your bank calculates something wrong and puts the lower in your account and the higher in another account? Yes It might be little but what about a little many times? That could be done with javascript too. Then... you are not safe anymore. Specially today with the invasion of AJAX. One of the browsers is broken for sure (several?). They should do the same even in such small things. Should at least be very carefully documented. However just documenting it is only going to bring trouble since many programmers won't be aware of that. They would not even be making mistakes in the code but triggering somebodie's else errors. This kind of stuff happens many times. For instance a couple of days ago I hitted a problem in wich both Opera and Firefox behaved differently to IE (some parameters in the form where not sent to the server). Was with a <table><form></form></table> instead of <form><table></table><form> (or the other way around can't remember right was the workaround). Yes, every bug is security related. A database that is out of synch. An improperly rounded number. Remember why Arianne blowed up on the air because of this? Remember the mars landrover locked because of a priority inversion bug? Would you call it a security bug? I really doubt many of you would. However millions were lost. Wasn't security related? Think. What about if someday the computers that handle the nuclear plant nearby make a wrong rouding and one of the parameters go out of rank? Computers handle that, handle your car, all of your communications, your heart beat and even your foot steps (heard about those smart Adidas with a chip?). What if an airplane computer miss one of the parameters? It *is* a security bug even if it is not a stack/heap overflow, an integer overflow and all of the rest you all know about. I consider if not all of the bugs, at least the vast majority as security bugs. For your very own good start thinking that way too. Because someday you could even die just because somebody's else made a mistake in one of those control systems. Worst yet... because someone thought that it wasn't a security bug and was not important to fix it. Regards Waldo Alvarez PD: Now you have another way to verify (fingerprint) wich browser is used to browse a website even with spoofed User-Agent headers if javascript is turned on.And go and learn some floating point maths. On 9/28/07, carl hardwick <hardwick.carl () gmail com > wrote:There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong subtractions. PoC concept here: javascript:5.2-0.1 (copy this code into address bar) Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!) Internet Explorer 7 result: 5.1 (OK) _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Firefox 2.0.0.7 has a very serious calculation bug carl hardwick (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug wac (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Andrew Farmer (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug James Matthews (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug wac (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Mukul Dharwadkar (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Steven Adair (Sep 28)
- Re: Firefox 2.0.0.7 has a very seriouscalculation bug gjgowey (Sep 28)