
SoylentNews is people

posted by janrinok on Tuesday June 23 2015, @02:31PM
from the simple-but-effective dept.

A Favicon bug lets Chrome and Firefox download huge favicon files to the point they crash the browser:

Andrea De Pasquale posted a tweet saying "Weird 64MB favicon.ico turning out to be a TAR backup of the whole WP site, downloaded by every browser passing by."

This creepy bug makes Chrome and Firefox download the huge favicon files to the point that they crash the browser. The silliest part is that the users are not at all aware of this download, as it is all done in the background, and who is truly to be blamed for this.

[...] Technically, the existence of this bug is no surprise, as there is no rule or standard anywhere which states that the favicon files have to be below a specified limit. As a matter of fact, the favicon files need not be .ico files. A lot of GIF, PNG or JPEG files are used with popular websites, and there are no limitations linked to the file's extension.


  • (Score: 4, Touché) by M. Baranczak on Tuesday June 23 2015, @03:15PM

    Yeah, there's no standard for a maximum size, but it's common sense to run some sanity checks whenever you download data. If one browser failed to do this, I'd understand, but it says that Safari, Chrome and Firefox are all vulnerable.
  • (Score: 4, Insightful) by Katastic on Tuesday June 23 2015, @04:45PM


    It's easy to think of it in hindsight. But man, have you EVER considered the size of a bookmark icon your entire life before today?

    • (Score: 5, Insightful) by M. Baranczak on Tuesday June 23 2015, @05:07PM

      Well, I've never written a web browser, so this specific situation never came up. But I wrote plenty of code that had to download data from untrusted sources. If there's something that shouldn't ever exceed n bytes in normal circumstances, then you add a sanity check that aborts the download if it reaches 10n bytes. You set the threshold high, in case you underestimated. It's just fundamental programming skills.
    • (Score: 0) by Anonymous Coward on Tuesday June 23 2015, @09:19PM


      Seriously, no one saw this coming? No one? For a small, small icon? No one saw it coming? We have lost this war, if no one thinks about this sort of thing at all when designing stuff, I just give up. I just can't understand this. I give up.
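
The sanity check M. Baranczak describes in the thread above (abort once a download reaches 10n bytes), as an added example that is not part of the original discussion or of any browser's code. The 100 KiB expected favicon size and the names `read_capped` and `OversizeError` are assumptions chosen for illustration; `stream` is any file-like response body.

```python
import io

class OversizeError(Exception):
    """Raised when a download exceeds the sanity limit."""

EXPECTED_MAX = 100 * 1024    # assumption: n, the largest favicon expected in practice
LIMIT = 10 * EXPECTED_MAX    # the "10n" abort threshold from the comment

def read_capped(stream, declared_length=None, limit=LIMIT, chunk_size=16 * 1024):
    """Read a file-like body, aborting as soon as it is known to exceed limit.

    declared_length is the raw Content-Length header value, if any. It is only
    a hint: it can be absent (chunked transfer), malformed, or simply wrong,
    so the running byte count is enforced as well.
    """
    try:
        declared = int(declared_length) if declared_length is not None else None
    except ValueError:
        declared = None      # malformed header: fall back to counting bytes
    if declared is not None and declared > limit:
        # Cheap early exit: refuse before reading a single body byte.
        raise OversizeError(f"declared {declared} bytes exceeds limit {limit}")

    buf = bytearray()
    while True:
        # Never request more than one byte past the limit, so an oversized
        # body costs at most limit + 1 bytes of transfer and memory.
        chunk = stream.read(min(chunk_size, limit + 1 - len(buf)))
        if not chunk:
            return bytes(buf)
        buf += chunk
        if len(buf) > limit:
            raise OversizeError(f"body exceeded {limit} bytes, download aborted")

if __name__ == "__main__":
    # Constructed sample: a body five times the limit with no Content-Length.
    oversized = io.BytesIO(b"\x00" * (5 * LIMIT))
    try:
        read_capped(oversized)
    except OversizeError as exc:
        print(exc, "after", oversized.tell(), "bytes")
```

The response object returned by `urllib.request.urlopen` is file-like, so it can be passed as `stream` with `resp.headers.get("Content-Length")` as the declared length.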