Date: Sat, 29 Sep 2007 19:11:53 +0530
From: "Jimby Sharp" <jimbysharp@...il.com>
To: wac <waldoalvarez00@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox 2.0.0.7 has a very serious calculation bug

Go and read floating point math.

On 9/29/07, wac <waldoalvarez00@...il.com> wrote:
>
>  Many bugs are security related (I would say all). How is it security
> related? Think. What happens if your bank calculates something wrong and
> puts the lower in your account and the higher in another account? Yes, it
> might be little but what about a little many times? That could be done
> with javascript too. Then... you are not safe anymore.
> Especially today with the invasion of AJAX. One of the
> browsers is broken for sure (several?). They should do the same even in such
> small things. Should at least be very carefully documented. However just
> documenting it is only going to bring trouble since many programmers won't
> be aware of that. They would not even be making mistakes in the code but
> triggering somebody else's errors. This kind of stuff happens many times.
> For instance a couple of days ago I hit a problem in which both Opera and
> Firefox behaved differently to IE (some parameters in the form were not
> sent to the server). Was with a <table><form></form></table>  instead of
> <form><table></table></form> (or the other way around can't remember right
> was the workaround).
>
>  Yes, every bug is security related. A database that is out of synch. An
> improperly rounded number. Remember why Ariane blew up in the air because
> of this? Remember the Mars landrover locked because of a priority inversion
> bug? Would you call it a security bug? I really doubt many of you would.
> However millions were lost. Wasn't security related? Think. What about if
> someday the computers that handle the nuclear plant nearby make a wrong
> rounding and one of the parameters goes out of rank? Computers handle that,
> handle your car, all of your communications, your heart beat and even your
> foot steps (heard about those smart Adidas with a chip?).
>
>  What if an airplane computer misses one of the parameters? It *is* a security
> bug even if it is not a stack/heap overflow, an integer overflow and all of
> the rest you all know about. I consider if not all of the bugs, at least the
> vast majority as security bugs. For your very own good start thinking that
> way too. Because someday you could even die just because somebody else
> made a mistake in one of those control systems. Worse yet... because someone
> thought that it wasn't a security bug and was not important to fix it.
>
> Regards
> Waldo Alvarez
>
> PS: Now you have another way to verify (fingerprint) which browser is used to
> browse a website even with spoofed User-Agent headers if javascript is
> turned on.
>
> > And go and learn some floating point maths.
> >
> > On 9/28/07, carl hardwick <hardwick.carl@...il.com> wrote:
> > > There's a flaw in Firefox 2.0.0.7 that allows javascript to execute wrong
> > > subtractions.
> > >
> > > PoC concept here:
> > > javascript:5.2-0.1
> > > (copy this code into address bar)
> > >
> > > Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
> > > Internet Explorer 7 result: 5.1 (OK)
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >

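The arithmetic behind the result reported in this thread, as an added example that is not part of any message: JavaScript numbers are IEEE 754 binary64, neither 5.2 nor 0.1 is exactly representable in that format, and 5.1000000000000005 is the correctly rounded difference of the two stored values. The helper names (`exactDecimal`, `toCents`, `fromCents`, `subtractMoney`) are hypothetical; the integer-cent functions show one common way to keep monetary amounts exact.

```javascript
// Added example: exact value of a binary64 number, and exact money arithmetic.

// Return the exact decimal expansion of the double that JavaScript stores for x.
function exactDecimal(x) {
  if (!Number.isFinite(x)) throw new RangeError('finite numbers only');
  const view = new DataView(new ArrayBuffer(8));
  view.setFloat64(0, x);
  const bits = view.getBigUint64(0);
  const sign = bits >> 63n ? '-' : '';
  const biased = Number((bits >> 52n) & 0x7ffn);
  const frac = bits & 0xfffffffffffffn;
  // Normal numbers carry an implicit leading 1 bit; subnormals (biased 0) do not.
  const mant = biased === 0 ? frac : frac | (1n << 52n);
  const exp = (biased === 0 ? 1 : biased) - 1075; // value = mant * 2^exp
  if (exp >= 0) return sign + (mant << BigInt(exp)).toString();
  const k = -exp; // mant / 2^k == mant * 5^k / 10^k, so k decimal places suffice
  const digits = (mant * 5n ** BigInt(k)).toString().padStart(k + 1, '0');
  const out = digits.slice(0, -k) + '.' + digits.slice(-k).replace(/0+$/, '');
  return sign + out.replace(/\.$/, '');
}

// Parse a decimal string with at most two fraction digits into integer cents.
function toCents(s) {
  const m = /^(-?)(\d+)(?:\.(\d{1,2}))?$/.exec(s);
  if (!m) throw new TypeError('not a decimal amount with at most 2 places: ' + s);
  const cents = BigInt(m[2]) * 100n + BigInt((m[3] || '').padEnd(2, '0'));
  return m[1] ? -cents : cents;
}

// Format integer cents back into a decimal string.
function fromCents(c) {
  const abs = c < 0n ? -c : c;
  return (c < 0n ? '-' : '') + abs / 100n + '.' + String(abs % 100n).padStart(2, '0');
}

// Subtract two amounts without ever passing through binary floating point.
function subtractMoney(a, b) {
  return fromCents(toCents(a) - toCents(b));
}

console.log('stored 5.2 :', exactDecimal(5.2));
console.log('stored 0.1 :', exactDecimal(0.1));
console.log('5.2 - 0.1  :', 5.2 - 0.1, '=', exactDecimal(5.2 - 0.1));
console.log('in cents   :', subtractMoney('5.20', '0.10'));
```
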
