Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

10GB Favicon Bug Crashes Browsers

posted by janrinok on Tuesday June 23 2015, @02:31PM   Printer-friendly
from the simple-but-effective dept.

An Anonymous Coward writes:

A Favicon bug lets Chrome and Firefox download huge favicon files to the point they crash the browser:

Andrea De Pasquale posted a tweet saying "Weird 64MB favicon.ico turning out to be a TAR backup of the whole WP site, downloaded by every browser passing by."

This creepy bug makes Chrome and Firefox download the huge favicon files to the point till they crash the browser. The silliest part is that the users are not at all aware of this download as it is all done in the background and who is truly to be blamed for this.

[...] Technically, the existence of this bug is no surprise, as there is no rule of standard anywhere which states that the favicon files have to be below a specified limit. As a matter of fact, the favicon files need not have to be .ico files. A lot of GIF, PNG or JPEG files are used with popular websites, and there are no limitations linked to the file's extension.

Original Submission

 
This discussion has been archived. No new comments can be posted.
10GB Favicon Bug Crashes Browsers | Log In/Create an Account | Top | 41 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by MichaelDavidCrawford on Tuesday June 23 2015, @03:47PM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Tuesday June 23 2015, @03:47PM (#199934) Homepage Journal

    Iirc some browser just started displaying fab icon.ico if one was available. I don't object to vendor extensions but it should have been submitted to the w3c so they could specify just what a fab icon actually is.

    If you can crash a browser then likely a specially crafted Davison could install malware.

    By the way soes anyone know how to totally disable iOS autocorrect?

    --
    Yes I Have No Bananas. [gofundme.com]
    Starting Score:    1  point
    Moderation   0  
       Troll=1, Insightful=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Tuesday June 23 2015, @03:51PM

    by Anonymous Coward on Tuesday June 23 2015, @03:51PM (#199940)

    <input autocorrect="off" autocapitalize="off">

  • (Score: 5, Insightful) by WizardFusion on Tuesday June 23 2015, @04:03PM

    by WizardFusion (498) on Tuesday June 23 2015, @04:03PM (#199949) Journal

    By the way soes anyone know how to totally disable iOS autocorrect

    At the risk of being marked as a troll, don't use apple products.

    • (Score: 2) by MichaelDavidCrawford on Tuesday June 23 2015, @05:02PM

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Tuesday June 23 2015, @05:02PM (#199980) Homepage Journal

      and led the standards committee that defined a protocol for interapplication text processing.

      to me autocorrect is particularly vexing because spellswell and lookup both worked better in the 1980s. apple could have licensed our oem engine rather than coming up with this crud at great expense.

      --
      Yes I Have No Bananas. [gofundme.com]

      • (Score: 2) by kaszz on Wednesday June 24 2015, @12:30AM

        by kaszz (4211) on Wednesday June 24 2015, @12:30AM (#200168) Journal

        The licensing conditions for Spellswell perhaps wasn't what Apple liked?

    • (Score: 0) by Anonymous Coward on Tuesday June 23 2015, @05:10PM

      by Anonymous Coward on Tuesday June 23 2015, @05:10PM (#199984)

      I hate this victim-blaming nonsense. You're saying that the way to prevent having your home broken into is to not have a home, and the way to prevent having your stuff stolen is to not own anything. Stop it with this bullshit, its disgusting. It doesn't help anything and just lets everyone know what an asshole you are.

  • (Score: 5, Informative) by Tramii on Tuesday June 23 2015, @04:20PM

    by Tramii (920) on Tuesday June 23 2015, @04:20PM (#199959)
    1. Open the “Settings” app on the iPhone or iPad
    2. Go to “General” and then to “Keyboard”
    3. Locate “Auto-Capitalization” and flip the switch to the OFF position
    4. Locate “Auto-Correction” and flip the switch to the OFF position
    5. Exit out of Settings as usual

  • (Score: 4, Informative) by kaszz on Wednesday June 24 2015, @12:48AM

    by kaszz (4211) on Wednesday June 24 2015, @12:48AM (#200176) Journal

    Once upon a time in 1999, Microsoft released Internet Exploiter number 5 and its users in an comatose bliss started to spew requests for /favicon.ico into web server logs. It was like wtf is that for? and then, purpose? and then, aha eye candy for people that are look-new-shiny-bling-bling.

    As there is a file format called "ICO" perhaps it's time to specify that as the image format? and then the maximum pixel and filesize?
    Seems some browsers have problems displaying large pictures regardless so it could be beneficial to implement some kind of hard limit on images regardless. Like "This image will be 40 000 x 20 000 pixels and using 2.2 GB memory, are you sure you want to display it?" along with free RAM and swap information.

    As for standard committees, Microsoft just steamrolls them.

    • (Score: 1) by ledow on Wednesday June 24 2015, @02:04PM

      by ledow (5567) on Wednesday June 24 2015, @02:04PM (#200386) Homepage

      If your favicon is over 32Kb, we just don't display it.

      See how long it takes for everyone to shrink their favicons back to a sensible size or feel the wrath of users who "only get the little default icon on your website, but not your competitor".