[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <28f529ba0709281039w2c486f54q761e28c9f5b8e1b9@mail.gmail.com>
Date: Fri, 28 Sep 2007 10:39:10 -0700
From: blah <blah@...kogre.com>
To: steven@...urityzone.org
Cc: full-disclosure@...ts.grok.org.uk, carl hardwick <hardwick.carl@...il.com>,
Larry Seltzer <Larry@...ryseltzer.com>
Subject: Re: Firefox 2.0.0.7 has a very serious
calculation bug [FIB FOUND/CONFIRMED]
IE7 was fine for me, showed up in FF 2.0.0.7
However, I think it's much wider-spread than initially thought. I
found the same most unsettling results using:
javascript:4.2-0.1
javascript:3.2-0.1
javascript:2.2-0.1
I did not have time to try more, but obviously all of you can see the
possibilities. Because it appears this works with any number, I've
dubbed it the FIB, (Firefox Infinite Bug).
I think this should get its own exploit category, too, since
assuredly, perhaps one day, this will be exploitable.
On 9/28/07, Steven Adair <steven@...urityzone.org> wrote:
> So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
> this just a mistake?
>
> Steven
>
> > Actually, I see 5.1000000000000005 in both browsers.
> >
> > Larry Seltzer
> > eWEEK.com Security Center Editor
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists