[Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

[Jimby Sharp]

>  Also notice that if there is really a problem in FF javascript engine it goes beyond the
> browser. You could run Tamarin, Spidermonkey or Rhino on the server side and perform some
> processing there with javascript.

For heaven's sake please try to understand that it is not a problem at all.

> As a side comment I wanted to tell you that what is out there on the internet is not a
> standart. Is what IE dictates. IE rules the internet whether you like or not.

Go and read the ECMA standard. A standard is standard and it has
nothing to do with IE.

> I don't think that's a fair comparison. If you make the right algorithm and you do not get the
>  expected results *is* not your fault but what are you sitting at (compiler, framework, library
> ...).

I fail to understand which part of my argument you failed to
understand. strcpy() provides the expected result for the right
algorithm so we do not say there is a bug in gcc. if someone uses
strcpy() to read user's input directly into a buffer, we say there is
a bug in the program.

Similarly, Firefox javascript floating point math gives expected
results. So there is no bug in Firefox. Now if you write a program
assuming the results of the floating math are absolutely accurate,
your program might have a bug.

---------------------------------------------------------------------------------------------
My protest against stupid Indian security researcher:-
Aditya K Sood is an asshole: http://secnichebogus.blogspot.com/
---------------------------------------------------------------------------------------------