DoS on Facebook Android app using 65530 characters of ZERO WIDTH NO-BREAK SPACE.
Step to reproduce:
- copy content of https://pastebin.com/0tpucbuv
- Open facebook.com in Mozilla, Create a new note, give title and paste the copied content in body of note and publish the note.
- Visit created note on facebook’s android app, App will goes in infinity loop and user have to close app.
Proof of concept: https://youtu.be/FepNtq2MKus
Status of Vulnerability: Fixed with comment (fb consider DoS attacks in scope as long as they are persistent. (e.g. would require a user to uninstall an app or break a complete functionality)).