Haddouche has been researching denial of service (DoS) vulnerabilities as a hobby and has now identified one in every major browser engine --Chrome, Safari (WebKit), and Firefox.
His latest addition, the Firefox bug, will crash Firefox's browser process on Macs and Linux systems, resulting in the browser showing its classic Crash Reporter popup.
On Windows, the bug is a little bit worse, as besides sometimes crashing the browser, the bug has also been observed freezing the entire operating system, requiring users to perform a hard reboot.
During our experiments, the DoS bug worked against the latest Firefox stable release, but also Firefox Developer and Nightly editions. The bug did not crash Firefox for Android instances, according to ZDNet's tests. Firefox uses the WebKit engine on iOS, instead of its new Quantum engine, so iPhone and iPad users aren't affected.
"What happens is that the script generates a file (a blob) that contains an extremely long filename and prompts the user to download it every one millisecond," Haddouche told ZDNet in an interview.