| Subject: | Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug |
|---|---|
| Date: | Fri, 28 Sep 2007 23:39:41 +0530 |

Let's take this C code.

    #include <stdio.h>

    int main(int argc, char **argv) {
        float a = 0.7;
        if(a == 0.7) {
            printf("%f is equal to %f\n", a, 0.7);
        } else {
            printf("%f is not equal to %f\n", a, 0.7);
        }
    }

On many implementations (not necessarily all implementations) we will
get the output as:-

    0.700000 is not equal to 0.700000

For example, on my Debian Etch with gcc 4.1.2, the output is as shown
above. This doesn't mean it is a bug in GCC. We can't call this a bug in
GCC because it's just a limitation of floating point math. The
programmer should be careful of these floating point issues while
programming.

Similarly, if someone doesn't take care of the floating point behavior
while writing code in JavaScript, we should say that the JavaScript code
has the bug instead of saying that the bug is in Firefox.

Regards,
Susam Pal
http://susam.in/

carl hardwick wrote, On Friday 28 September 2007 09:46 PM:
> There's a flaw in Firefox 2.0.0.7 that allows javascript to execute
> wrong subtractions.
> PoC concept here: javascript:5.2-0.1
> (copy this code into address bar)
>
> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
> Internet Explorer 7 result: 5.1 (OK)
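
Added example, not part of the original message or the quoted post: it reproduces both comparisons from this thread in IEEE 754 arithmetic and shows a tolerance-based check beside the exact `==`. The helper names (`nearly_equal` and the others) and the tolerance values are assumptions made for this example.

```c
#include <float.h>
#include <stdio.h>

static double dabs(double x) { return x < 0 ? -x : x; }

/* Relative-tolerance equality: |a - b| <= rel_tol * max(|a|, |b|).
 * rel_tol is chosen by the caller to match the least precise operand. */
int nearly_equal(double a, double b, double rel_tol) {
    double scale = dabs(a) > dabs(b) ? dabs(a) : dabs(b);
    return dabs(a - b) <= rel_tol * scale;
}

/* The message's comparison: the float is promoted to double, but it
 * already lost the low bits that the double literal 0.7 still has. */
int float_vs_double_literal(void) {
    float a = 0.7f;
    return a == 0.7;
}

/* Same value rounded to float on both sides: compares equal. */
int float_vs_float_literal(void) {
    float a = 0.7f;
    return a == 0.7f;
}

/* The quoted subtraction, evaluated in IEEE 754 double as JavaScript does. */
double quoted_subtraction(void) {
    double x = 5.2, y = 0.1;
    return x - y;
}

int main(void) {
    double d = quoted_subtraction();
    printf("0.7 as float : %.17g\n", (double)0.7f);
    printf("0.7 as double: %.17g\n", 0.7);
    printf("float == 0.7 : %d, float == 0.7f: %d\n",
           float_vs_double_literal(), float_vs_float_literal());
    printf("5.2 - 0.1    : %.17g (exact == 5.1: %d)\n", d, d == 5.1);
    printf("tolerant compare: float/double %d, subtraction %d\n",
           nearly_equal(0.7f, 0.7, FLT_EPSILON),
           nearly_equal(d, 5.1, 4 * DBL_EPSILON));
    return 0;
}
```

The tolerance has to match the least precise type involved: `FLT_EPSILON` accepts the float/double pair, while a `DBL_EPSILON`-scale tolerance would still reject it.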