Full Disclosure mailing list archives

Re: Firefox 2.0.0.7 has a very serious calculation bug

From: "Jimby Sharp" <jimbysharp () gmail com>
Date: Sun, 30 Sep 2007 11:55:25 +0530

Exactly! And the so called security experts who are giving long
lectures in the list about how any bug can result in a potential
security flaw, they are forgetting that if a security flaw arises it
arises because of the programmer and not Firefox.

If I use strcpy() to read user input into a buffer, I am at fault and
not C compiler.

On 9/30/07, Andrew Farmer <andfarm () gmail com> wrote:

On 28 Sep 07, at 19:25, wac wrote:

On 9/28/07, Jimby Sharp <jimbysharp () gmail com> wrote:

How is this serious and is it related to security in any manner? If
not, please do not spam. :-(


 Many bugs are security related (I would say all). How it is security
related? Think. What happens if your bank calculates something
wrong and
puts the lower in your account and the higher in another account?
Yes It
might be little but what about a little many
times? That could be done with javascript too. Then... you are not
safe
anymore.


If your bank is doing financial calculations using Javascript in a
standard web browser, you have bigger things to worry about than
roundoff errors.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Firefox 2.0.0.7 has a very serious calculation bug carl hardwick (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 28)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug wac (Sep 29)
    - Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 29)
    - Re: Firefox 2.0.0.7 has a very serious calculation bug Andrew Farmer (Sep 29)
    - Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 29)
    - Re: Firefox 2.0.0.7 has a very serious calculation bug James Matthews (Sep 29)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 28)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug Mukul Dharwadkar (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Larry Seltzer (Sep 28)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug Steven Adair (Sep 28)
    - Re: Firefox 2.0.0.7 has a very seriouscalculation bug gjgowey (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Larry Seltzer (Sep 28)
- Re: Firefox 2.0.0.7 has a very serious calculation bug Michal Zalewski (Sep 28)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Sep 28)
    - Re: Firefox 2.0.0.7 has a very serious calculation bug Michal Zalewski (Sep 28)

(Thread continues...)