<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">

  <title></title>

</head>

<body bgcolor="#ffffff" text="#000000">

<font face="Arial">This is not only Firefox 2.0.0.7. I still have

2.0.0.5 and it still shows the </font><br>

<pre wrap="">5.1000000000000005. Of course if you understand floating point and the level of accuracy needed, I don't see how this could be serious.

And I don't see a way this being exploited to give RCE.

</pre>

<div class="moz-signature"><font face="Arial" size="3"><br>

Mukul Dharwadkar<br>

<a href="http://www.dharwadkar.com">http://www.dharwadkar.com</a><br>

<a href="http://www.dharwadkar.org">http://www.dharwadkar.org</a><br>

Sister site:<br>

<a href="http://www.saraswatibhuvan.org">http://www.saraswatibhuvan.org<br>

<br>

</a><a href="http://feeds.feedburner.com/%7Er/mdharwadkar/%7E6/1"><img

 src="cid:part1.06010507.03000409@gmail.com"

 alt="Mukul Dharwadkar's weblog" style="border: 0pt none ;"></a>

</font></div>

<br>

<br>

Jimby Sharp wrote:

<blockquote

 cite="mid:3eab9ed60709280935p6478d821h4cb6cf1583ceabd2@mail.gmail.com"

 type="cite">

  <pre wrap="">How is this serious and is it related to security in any manner? If

not, please do not spam. :-(

And go and learn some floating point maths.

On 9/28/07, carl hardwick <a class="moz-txt-link-rfc2396E" href="mailto:hardwick.carl@gmail.com">&lt;hardwick.carl@gmail.com&gt;</a> wrote:

  </pre>

  <blockquote type="cite">

    <pre wrap="">There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong

subtractions.

PoC concept here:

<a class="moz-txt-link-freetext" href="javascript:5.2-0.1">javascript:5.2-0.1</a>

(copy this code into address bar)

Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)

Internet Explorer 7 result: 5.1 (OK)

_______________________________________________

Full-Disclosure - We believe in it.

Charter: <a class="moz-txt-link-freetext" href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>

Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" href="http://secunia.com/">http://secunia.com/</a>

    </pre>

  </blockquote>

  <pre wrap=""><!---->

_______________________________________________

Full-Disclosure - We believe in it.

Charter: <a class="moz-txt-link-freetext" href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a>

Hosted and sponsored by Secunia - <a class="moz-txt-link-freetext" href="http://secunia.com/">http://secunia.com/</a>

  </pre>

</blockquote>

</body>

</html>