COMMAND

    Netscape

SYSTEMS AFFECTED

    Win '95, NT

PROBLEM

    James  Morris  was  recently  doing  some work with the JavaScript
    'replace' method,  and noticed  that it  was possible  to put  the
    Netscape browser  into a  loop that  the user  couldn't easily get
    out of (in NT, the only way to shut it down was via the taskbar).

    Essentially, if you created a  web page which could be  referenced
    as '/loop.html' which had the following JavaScript code:

function loop()
    {
      alert("Try and get out of this");
      location.replace("/loop.html");
    }

    and loaded  it via  the BODY  onLoad method,  you'd be  stuck in a
    loop and have to kill the browser if using Netscape 3.01 on NT  or
    Win95.

    This  seems  to  be  a  denial  of  service  attack,  and would be
    particularly  annoying  to  users  without 'advanced' knowledge of
    their OS.

SOLUTION

    Well, I don't  know.  I  think the end  of the world  is near so I
    don't even wants to know.