[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
- To: Jimby Sharp <jimbysharp@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
- From: Mukul Dharwadkar <mukul.dharwadkar@xxxxxxxxx>
- Date: Fri, 28 Sep 2007 09:59:48 -0700
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font face="Arial">This is not only Firefox 2.0.0.7. I still have
2.0.0.5 and it still shows the </font><br>
<pre wrap="">5.1000000000000005. Of course if you understand floating point and
the level of accuracy needed, I don't see how this could be serious.
And I don't see a way this being exploited to give RCE.
</pre>
<div class="moz-signature"><font face="Arial" size="3"><br>
Mukul Dharwadkar<br>
<a href="http://www.dharwadkar.com";>http://www.dharwadkar.com</a><br>
<a href="http://www.dharwadkar.org";>http://www.dharwadkar.org</a><br>
Sister site:<br>
<a href="http://www.saraswatibhuvan.org";>http://www.saraswatibhuvan.org<br>
<br>
</a><a href="http://feeds.feedburner.com/%7Er/mdharwadkar/%7E6/1";><img
src="cid:part1.06010507.03000409@gmail.com"
alt="Mukul Dharwadkar's weblog" style="border: 0pt none ;"></a>
</font></div>
<br>
<br>
Jimby Sharp wrote:
<blockquote
cite="mid:3eab9ed60709280935p6478d821h4cb6cf1583ceabd2@xxxxxxxxxxxxxx"
type="cite">
<pre wrap="">How is this serious and is it related to security in any manner?
If
not, please do not spam. :-(
And go and learn some floating point maths.
On 9/28/07, carl hardwick <a class="moz-txt-link-rfc2396E"
href="mailto:hardwick.carl@xxxxxxxxx";><hardwick.carl@xxxxxxxxx></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">There's a flaw in Firefox 2.0.0.7 allows javascript to execute
wrong
subtractions.
PoC concept here:
<a class="moz-txt-link-freetext"
href="javascript:5.2-0.1">javascript:5.2-0.1</a>
(copy this code into address bar)
Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext"
href="http://lists.grok.org.uk/full-disclosure-charter.html";>http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext"
href="http://secunia.com/";>http://secunia.com/</a>
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext"
href="http://lists.grok.org.uk/full-disclosure-charter.html";>http://lists.grok.org.uk/full-disclosure-charter.html</a>
Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext"
href="http://secunia.com/";>http://secunia.com/</a>
</pre>
</blockquote>
</body>
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/