[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

>  Also notice that if there is really a problem in FF javascript engine it 
> goes beyond the
> browser. You could run Tamarin, Spidermonkey or Rhino on the server side and 
> perform some
> processing there with javascript.

For heaven's sake please try to understand that it is not a problem at all.

> As a side comment I wanted to tell you that what is out there on the internet 
> is not a
> standart. Is what IE dictates. IE rules the internet whether you like or not.

Go and read the ECMA standard. A standard is standard and it has
nothing to do with IE.

> I don't think that's a fair comparison. If you make the right algorithm and 
> you do not get the
>  expected results *is* not your fault but what are you sitting at (compiler, 
> framework, library
> ...).

I fail to understand which part of my argument you failed to
understand. strcpy() provides the expected result for the right
algorithm so we do not say there is a bug in gcc. if someone uses
strcpy() to read user's input directly into a buffer, we say there is
a bug in the program.

Similarly, Firefox javascript floating point math gives expected
results. So there is no bug in Firefox. Now if you write a program
assuming the results of the floating math are absolutely accurate,
your program might have a bug.

---------------------------------------------------------------------------------------------
My protest against stupid Indian security researcher:-
Aditya K Sood is an asshole: http://secnichebogus.blogspot.com/
---------------------------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/