Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

My computer froze #179

Open
ghost opened this issue Sep 17, 2021 · 2 comments
Open

My computer froze #179

ghost opened this issue Sep 17, 2021 · 2 comments

Comments

@ghost
Copy link

ghost commented Sep 17, 2021

I was opening index.html locally one by one in Firefox 60 with NoScript, Firefox 78, Otter 0.9.99 (it froze), Chromium 90, Opera 12 on Xubuntu 16.04.5 x86 with 1.5 GB RAM and 1 GB swap. After a while the computer hangs, constant HDD activity. I think the reason is the lack of RAM and swap. I had to press Reset and then check my Ext4 partition for errors.

So I think you are posting malicious code. I think the police punishment is fair (because the code was available to many people and downloaded to people's computers without asking, someone suffered a loss, probably a big one). I ask you to post a warning to other users.

You think the problem is small because of the small amount of code. It's not. The Zip bomb code is small too (unpacking a giant file), but it has a malicious purpose and some anti-viruses detect it.

@ghost
Copy link
Author

ghost commented Sep 18, 2021

The Otter browser hangs if I check the "disable JavaScript popups" box. Then I try to close the application and the memory and swap consumption increases avalanche-like.

Screenshots:
https://i.imgur.com/rsaOemU.png
https://i.imgur.com/q5LM0l8.png

I know Internet Explorer 6 can't handle recursion. So, I found 3 browsers that your "simple" code destroys:

  1. Otter based on Webkit 2016 (danger level: critical - system hangs)
  2. Internet Explorer 6
  3. Nintendo browsers (as mentioned in the comments to issues).

Information about Otter:
Version: 0.9.99 RC 9
Engine: Webkit-backend (legacy) 538.1
OpenSSL 1.0.2g 1 Mar 2016
About screenshot: https://i.imgur.com/2S5GjYX.png

@Prasantacharya
Copy link

Apologizes if this sounds insulting or condescending I dont mean it in that way, but what did you think an infinite loop of alerts would do? Its pretty obvious what it is, I wouldn't really call it malicious.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant