EIP-2026-103397

PRE-CVE

All Browsers - Long Unicode Denial of Service (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103397. PoCs published by Dr_IDE.

AI-analyzed exploit summary This exploit is a Denial of Service (DoS) Proof of Concept (PoC) that leverages long Unicode strings to consume excessive memory, causing browser crashes or hangs. It targets multiple browsers by repeatedly concatenating and writing Unicode strings to the document.

Description

All Browsers - Long Unicode Denial of Service (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dr_IDE · htmldosmultiple

https://www.exploit-db.com/exploits/12493

View Code ZIP pw:eip

This exploit is a Denial of Service (DoS) Proof of Concept (PoC) that leverages long Unicode strings to consume excessive memory, causing browser crashes or hangs. It targets multiple browsers by repeatedly concatenating and writing Unicode strings to the document.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Multiple browsers (Firefox 3.6.4, IE 8.0.7600.16385, Lunascape6, Opera 10.51, Safari 4.0.5)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026