Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16225
http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.html