User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0 Build ID: 20120624012213 Steps to reproduce: Entered <a href="javascript: while(1){window.open('http://www.google.com')}"> Hello</a> , while testing for a cross-site scripting vulnerability on an intentionally vulnerable application. Steps to reproduce: 1. point the browser to "http://google-gruyere.appspot.com/start/". 2. Create an account. 3. Click on new snippet. 4. Enter the above mentioned payload. 5. Click on the rendered hyper-link. This can be reproduced by entering the above payload on any website that is vulnerable to XSS, and entering the above mentioned payload with the inner javascript. Actual results: The browser crashed. Expected results: When tested on Chrome. The browser handles the requests by limiting the number of windows and does not crash.