Bug 1670195 Comment 23 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(Following up comment #22)

I just double-checked, and found that the self-crashing `/usr/lib/libcrypto.dylib` dates back only to macOS 10.15. On earlier versions of macOS and OS X it's a soft link to one of the versioned dylibs. So, strictly speaking, we'd only need to prevent loading `/usr/lib/libcrypto.dylib` on macOS 10.15 and up. But it probably wouldn't hurt to prevent it from loading on *all* supported versions of macOS. Non-Apple apps that try to load `/usr/lib/libcrypto.dylib` are almost certainly trying to load a non-Apple `libcrypto.dylib`, located elsewhere.

As I understand it, Firefox currently supports back to macOS 10.12.
(Following up comment #22)

I just double-checked, and found that the self-crashing `/usr/lib/libcrypto.dylib` dates back only to macOS 10.15. On earlier versions of macOS and OS X it's a soft link to one of the versioned dylibs. So, strictly speaking, we'd only need to prevent loading `/usr/lib/libcrypto.dylib` on macOS 10.15 and up. But it probably wouldn't hurt to prevent it from loading on *all* supported versions of macOS. Non-Apple apps that try to load `/usr/lib/libcrypto.dylib` are almost certainly trying to load a non-Apple `libcrypto.dylib`, located elsewhere. Apple apps will (presumably) always load one of the versioned dylibs.

As I understand it, Firefox currently supports back to macOS 10.12.
(Following up comment #22)

I just double-checked, and found that the self-crashing `/usr/lib/libcrypto.dylib` dates back only to macOS 10.15. On earlier versions of macOS and OS X it's a soft link to one of the versioned dylibs. So, strictly speaking, we'd only need to prevent loading `/usr/lib/libcrypto.dylib` on macOS 10.15 (Catalina) and up. But it probably wouldn't hurt to prevent it from loading on *all* supported versions of macOS. Non-Apple apps that try to load `/usr/lib/libcrypto.dylib` are almost certainly trying to load a non-Apple `libcrypto.dylib`, located elsewhere. Apple apps will (presumably) always load one of the versioned dylibs.

As I understand it, Firefox currently supports back to macOS 10.12 (Sierra).
(Following up comment #22)

I just double-checked, and found that the self-crashing `/usr/lib/libcrypto.dylib` dates back only to macOS 10.15 (Catalina). On earlier versions of macOS and OS X it's a soft link to one of the versioned dylibs. So, strictly speaking, we'd only need to prevent loading `/usr/lib/libcrypto.dylib` on macOS 10.15 (Catalina) and up. But it probably wouldn't hurt to prevent it from loading on *all* supported versions of macOS. Non-Apple apps that try to load `/usr/lib/libcrypto.dylib` are almost certainly trying to load a non-Apple `libcrypto.dylib`, located elsewhere. Apple apps will (presumably) always load one of the versioned dylibs.

As I understand it, Firefox currently supports back to macOS 10.12 (Sierra).

Back to Bug 1670195 Comment 23