141763 2015-02-18 12:16:38 -0800 Opening too many WebSocket connections can cause a crash 2016-05-19 10:51:40 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) All All NEW P2 Normal --- 1 venkatsiva1994 webkit-unassigned ap bfulgham dbates wilander oldest_to_newest 1070190 0 246838 venkatsiva1994 2015-02-18 12:16:38 -0800 Created attachment 246838 html file mentioned in above description unlisted poc video link-> https://www.youtube.com/watch?v=m_rMN4M8a-c Hi Team, The maximum number of WebSocket connections that can be opened at a time must be preset ( for example firefox uses 200 as maximum number of WebSocket at instance ) but Safari(webkit) failed to implement it for firefox you can go through about it here-> https://developer.mozilla.org/en/docs/WebSockets <script> var i=0; while(1) { var connection = new WebSocket('ws://html5rocks.websocket.org/echo'); } </script> above js creates infinite number of websockets. on executing this file Safari(webkit) opens infinite websockets at the same instance which leads to crash of the browser,on serious condition crash of OS.The above website is taken for example (html5rocks.websocket.org) even it can be xyz.com or whatever. The thing is, with Safari(webkit) we can open infinite websockets at an instance which leads to crash.Safari(webkit) doesnt handle it properly Let me show "how Safari(webkit) crashes" and "how Firefox handles this" first let me open Safari(webkit) , execute that file and show you the memory usage as you can see...Safari(webkit) is taking lot of resources As you saw the browser crashed and system will crash on serious condition now let me open the same thing firefox same file it just sent 193 requests then stopped inspite of infinite loop even it didnt take much resources with this vulnerability,attacker can remotely send this file and crash victim's browser tested in mac's safari too(if poc needed let me give it) waiting for good reply thanks and regards venkatesh attached the html file :)) 1088732 1 venkatsiva1994 2015-04-26 05:36:21 -0700 Why no reply from anyone ???? 1194602 2 bfulgham 2016-05-18 20:55:03 -0700 Yikes! This looks bad -- I didn't notice this bug before. Thank you for reporting it! 246838 2015-02-18 12:16:38 -0800 2015-02-18 12:16:38 -0800 html file mentioned in above description web_s.html text/html 142 venkatsiva1994 PGh0bWw+IAo8Ym9keT4KPHNjcmlwdD4KdmFyIGk9MDsKd2hpbGUoMSkKewp2YXIgY29ubmVjdGlv biA9IG5ldyBXZWJTb2NrZXQoJ3dzOi8vaHRtbDVyb2Nrcy53ZWJzb2NrZXQub3JnL2VjaG8nKTsK fQo8L3NjcmlwdD4KPC9ib2R5Pgo8L2h0bWw+Cg==