MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.