Just to make things clear: Crashes in `/usr/lib/libnetwork.dylib` of the kind that might cause user-sensitive information to be written to its `__crash_info` section are vanishingly rare. There have been none over the last six months, aside from the ones I myself triggered, using the [HookCase](https://github.com/steven-michaud/HookCase) hook library I've attached to this bug. (My crashes all have `hook.dylib` in the stack trace.) https://crash-stats.mozilla.org/search/?proto_signature=~NWConcrete_nw_endpoint&platform=Mac%20OS%20X&date=%3E%3D2020-11-10T15%3A35%3A00.000Z&date=%3C2021-05-10T15%3A35%3A00.000Z&_facets=signature&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature So we probably don't need to work out how to prevent `__crash_info` data from `/usr/lib/libnetwork.dylib` from becoming public before we start allowing `mac_crash_info` to appear in crash reports. I continue investigating what can show up in the `__crash_info` sections of system modules pulled in by Firefox. So far I haven't discovered any more user-sensitive information. I'll post another report later today.
Bug 1709658 Comment 16 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Just to make things clear: Crashes in `/usr/lib/libnetwork.dylib` of the kind that might cause user-sensitive information to be written to its `__crash_info` section are vanishingly rare. There have been none over the last six months, aside from the ones I myself triggered, using the [HookCase](https://github.com/steven-michaud/HookCase) hook library I've attached to this bug. (My crashes all have `hook.dylib` in the stack trace.) https://crash-stats.mozilla.org/search/?proto_signature=~NWConcrete_nw_endpoint&platform=Mac%20OS%20X&date=%3E%3D2020-11-10T15%3A35%3A00.000Z&date=%3C2021-05-10T15%3A35%3A00.000Z&_facets=signature&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature So we probably don't need to work out how to prevent `__crash_info` data from `/usr/lib/libnetwork.dylib` from becoming public before we start allowing `mac_crash_info` to appear in crash reports. I continue investigating what can show up in the `__crash_info` sections of system modules pulled in by Firefox. So far I haven't discovered any more user-sensitive information. I'll post another report later today. Edit: It'll be sometime tomorrow.