Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

From: "Jimby Sharp" <jimbysharp@xxxxxxxxx>
Date: Sun, 30 Sep 2007 11:55:25 +0530

Exactly! And the so called security experts who are giving long
lectures in the list about how any bug can result in a potential
security flaw, they are forgetting that if a security flaw arises it
arises because of the programmer and not Firefox.

If I use strcpy() to read user input into a buffer, I am at fault and
not C compiler.

On 9/30/07, Andrew Farmer <andfarm@xxxxxxxxx> wrote:

On 28 Sep 07, at 19:25, wac wrote:

On 9/28/07, Jimby Sharp <jimbysharp@xxxxxxxxx> wrote:

How is this serious and is it related to security in any manner? If
not, please do not spam. :-(

Many bugs are security related (I would say all). How it is security
related? Think. What happens if your bank calculates something
wrong and
puts the lower in your account and the higher in another account?
Yes It
might be little but what about a little many
times? That could be done with javascript too. Then... you are not
safe
anymore.

If your bank is doing financial calculations using Javascript in a
standard web browser, you have bigger things to worry about than
roundoff errors.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
  - From: James Matthews

References:
- [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
  - From: carl hardwick
- Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
  - From: Jimby Sharp
- Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
  - From: wac
- Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
  - From: Andrew Farmer

Prev by Date: Re: [Full-disclosure] Testing DidTheyReadIt.com
Next by Date: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Previous by thread: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Next by thread: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Index(es):
- Date
- Thread

Relevant Pages

Risks Digest 24.91
... ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ... Adi Shamir's bug attack ... Security company e-mail undercuts user education ...
(comp.risks)
Exim 3.34 and lower.
... Its a good time to announce that 2xs security LTD. decided to ... GDB is free software, covered by the GNU General Public License, and you ... will research and fix this bug. ... > the end of the string, reading garbage, causing a segfault, whatever. ...
(Vuln-Dev)
Re: [Lit.] Buffer overruns - LONG
... effects of security bugs on the intended functionof the ... then I agree that techniques for reducing the impact of a bug ... overrun bug (its hazard) depends on the intended function of the ...
(sci.crypt)
[UNIX] Bugzilla Unauthorized Bug Modification And Information Disclosure Vulnerabilities
... Get your security news from a reliable source. ... unauthorized bug modifications possible by a third party. ... Private User Comments and Attachment Summaries Leak In XML Bug Export ... Private Metadata Changes For Attachments Information Leak ...
(Securiteam)
Re: Security researchers organization
... > The Sardonix.org security auditing web site was designed to ... Sardonix provides: ... prevent last year's Chunked Encoding bug? ... -> this provides a reason for individual team members to share their ...
(NT-Bugtraq)