Re: Firefox 2.0.0.7 has a very serious calculation bug

["Jimby Sharp" <jimbysharp () gmail com>]

Go and read floating point math.

On 9/29/07, wac <waldoalvarez00 () gmail com> wrote:
>  Many bugs are security related (I would say all). How it is security
> related? Think. What happens if your bank calculates something wrong and
> puts the lower in your account and the higher in another account? Yes It
> might be little but what about a little many times? That could be done
> with javascript too. Then... you are not safe anymore.
> Specially today with the invasion of AJAX. One of the
> browsers is broken for sure (several?). They should do the same even in such
> small things. Should at least be very carefully documented. However just
> documenting it is only going to bring trouble since many programmers won't
> be aware of that. They would not even be making mistakes in the code but
> triggering somebodie's else errors. This kind of stuff happens many times.
> For instance a couple of days ago I hitted a problem in wich both Opera and
> Firefox behaved differently to IE (some parameters in the form where not
> sent to the server). Was with a <table><form></form></table>  instead of
> <form><table></table><form> (or the other way around can't remember right
> was the workaround).
>
>  Yes, every bug is security related. A database that is out of synch. An
> improperly rounded number. Remember why Arianne blowed up on the air because
> of this? Remember the mars landrover locked because of a priority inversion
> bug? Would you call it a security bug? I really doubt many of you would.
> However millions were lost. Wasn't security related? Think. What about if
> someday the computers that handle the nuclear plant nearby make a wrong
> rouding and one of the parameters go out of rank? Computers handle that,
> handle your car, all of your communications, your heart beat and even your
> foot steps (heard about those smart Adidas with a chip?).
>
>  What if an airplane computer miss one of the parameters? It *is* a security
> bug even if it is not a stack/heap overflow, an integer overflow and all of
> the rest you all know about. I consider if not all of the bugs, at least the
> vast majority as security bugs. For your very own good start thinking that
> way too. Because someday you could even die just because somebody's else
> made a mistake in one of those control systems. Worst yet... because someone
> thought that it wasn't a security bug and was not important to fix it.
>
> Regards
> Waldo Alvarez
>
> PD: Now you have another way to verify (fingerprint) wich browser is used to
> browse a website even with spoofed User-Agent headers if javascript is
> turned on.
>
> > And go and learn some floating point maths.
> >
> > On 9/28/07, carl hardwick <hardwick.carl () gmail com > wrote:
> > > There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
> > > subtractions.
> > >
> > > PoC concept here:
> > > javascript:5.2-0.1
> > > (copy this code into address bar)
> > >
> > > Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
> > > Internet Explorer 7 result: 5.1 (OK)
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/