Skip to content
Demonstrates Chrome/Firefox/Safari download 1GB favicons
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
exploit-ios.js
exploit.js

README.md

Favicon Download Bug

This repository demonstrates that browsers will download huge favicon and touch-icon files to the point that they crash and/or bring the computer to a halt - all in the background with no indication to the user that any form of download or networking is happening.

(no spinner)

I originally tested this with Chrome. People have pointed Firefox and Safari do this too, IE does not appear to be affected.

Chrome bug 500639 Firefox bug 1174811 (fixed)

This is what it looks like before crashing on my computer (currently testing on travel laptop with 4gb ram):

Inspired by a tweet by a_de_pasquale.

Running it

  1. Install io.js (NodeJS works too)
  2. Run: node exploit.js
  3. Test your browser by visiting http://localhost:3000 (or if you have process.env.PORT set then that port)

Running it for Apple Touch Icon

  1. Install io.js (NodeJS works too)
  2. Run: node exploit-ios.js
  3. Test on iOS by visiting http://ip-of-computer:3000 and tapping on the share icon (or if you have process.env.PORT set then that port)
You can’t perform that action at this time.