A Favicon bug lets Chrome and Firefox download huge favicon files to the point they crash the browser:
Andrea De Pasquale posted a tweet saying "Weird 64MB favicon.ico turning out to be a TAR backup of the whole WP site, downloaded by every browser passing by."
This creepy bug makes Chrome and Firefox download the huge favicon files to the point till they crash the browser. The silliest part is that the users are not at all aware of this download as it is all done in the background and who is truly to be blamed for this.
[...] Technically, the existence of this bug is no surprise, as there is no rule of standard anywhere which states that the favicon files have to be below a specified limit. As a matter of fact, the favicon files need not have to be .ico files. A lot of GIF, PNG or JPEG files are used with popular websites, and there are no limitations linked to the file's extension.
(Score: 1, Insightful) by Anonymous Coward on Tuesday June 23 2015, @03:19PM
It is only no surprise if you assume that programmers don't know to check their stuff.
No limit given means you have to expect arbitrary large files and handle them gracefully. This can mean to ignore files that are too large to handle. It can not mean crashing. A crash always means that you made an assumption without checking that this assumption holds for your input. In this case, the assumption was that the favicon files will not be arbitrary large, and/or that it will always be a valid image file.
External input must always be checked, especially if it comes from an untrusted source. And frankly, I'm surprised that downloading the favicon behaves differently than downloading anything else, because at the end the only difference between a favicon and another image is where it gets displayed.
(Score: 3, Interesting) by MichaelDavidCrawford on Tuesday June 23 2015, @03:43PM
It is trivial to crash mobile safari, just spend ten minutes on Facebook.
This is inexcusable.
My MacBook pro just but the dust. For many reasons I may never purchase an apple product ever again.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by GungnirSniper on Tuesday June 23 2015, @03:49PM
Funny, Facebook doesn't kill my mobile browser but things with too many scripts will, like Reason.com. I wonder if that's intended to push us towards mobile (spyware) apps for each site.
Tips for better submissions to help our site grow. [soylentnews.org]
(Score: 2) by Tramii on Tuesday June 23 2015, @04:16PM
It is trivial to crash mobile safari, just spend ten minutes on Facebook.
I just tested this on my iPhone and determined that it was not "trivial". I normally use the Facebook app and was curious to see if I could indeed crash Safari by clicking around on things for 10 minutes. Everything worked fine and mobile Safari did not crash. Of course, I don't have 10,000 friends constantly spamming me with worthless posts, so maybe that's the difference. ¯\_(ツ)_/¯
(Score: 2) by Freeman on Tuesday June 23 2015, @04:40PM
I tried totally ignoring facebook. I still do for the most part, but too many people that I actually care about use it. So, I end up checking it once every couple of months, sometimes more frequently. Plus, my wife is on it, nearly constantly, so I don't really need to check it very often.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Tuesday June 23 2015, @08:08PM
...ignoring facebook. I still do for the most part, but too many people that I actually care about use it.
Sounds like you care about the wrong kinds of people{grin}. I ignore fb and don't miss much of anything, my friends do the same.
(Score: 0) by Anonymous Coward on Tuesday June 23 2015, @04:57PM
Try Zerohedge [zerohedge.com] or the The Green Site [slashdot.org] on the latest generation of iPod if you want to experience a crash. Both dump more ad-tracking code than Safari can handle (or than anyone should have ever reasonably been expected to handle).
(Score: 2) by Tramii on Tuesday June 23 2015, @06:29PM
Fair enough. But I don't think I would sweat it if my MP3 player choked while trying to render a bloated website.
(Score: 1, Funny) by Anonymous Coward on Tuesday June 23 2015, @08:43PM
Surely that's a feature, not a bug. ;P
(Score: 0) by Anonymous Coward on Tuesday June 23 2015, @03:44PM
My experience is that very large images of all flavours tend to cause major problems in Firefox. Especially if they are scaled by the browser. I suspect you'd see the same problem if the image was displayed on the page. I guess the difference is that with favicons it is less obvious what's going on.