It's with the right triage owner already. Haik owns this and our third-party blocking policies. >the cases were investigated and we resolved issues on the DLP side... it will be more enterprise-friendly if we collaborated on an alternate viable solution before putting blocking in place As far as I can tell, several bugs about Symantec DLP crashing Firefox are still open, see for example: https://bugzilla.mozilla.org/show_bug.cgi?id=1649485 https://bugzilla.mozilla.org/show_bug.cgi?id=1705042 I checked and both of these issues were reported to you through the mailing list, typically months/years ago. You can see that despite this it's still crashing Firefox users every day. But that aside, see the next point. >With Firefox Beta 99.0 and earlier Beta versions, we are seeing that Symantec DLP DLL injection into Firefox process is getting failed. So, *there is no specific block for Symantec DLLs* at this point. There indeed used to be one for this specific product, but it got removed: https://hg.mozilla.org/mozilla-central/rev/a2466922a9d64479388392e90f309a3b7225c8ef and a replacement wasn't put in place yet. So if your product is failing now that means it's falling foul of a generic security mitigation we did. I wonder if it may be this, which was in Nightlies for 4 years, then in beta 98 and beta 99, and finally rolled out to release 99 today: https://bugzilla.mozilla.org/show_bug.cgi?id=1481454 https://bugzilla.mozilla.org/show_bug.cgi?id=1757487 My understanding is that this injection technique is error-prone, predominantly used by malware, and has caused major incidents in the past where other injected software completely blocked Firefox from starting. Because this isn't a Symantec specific block, I'm not sure how to roll this back, especially as it replaced a mitigation that caused a dot release in Firefox 97.0.1. Disabling the block completely would risk breakage again? We'd probably want to be able to check that thoroughly. And note Firefox 99 hit release with this security mitigation, so it's too late for that. BTW. I believe Rupesh Khetawat at Symantec/Broadcom tried to contact us, perhaps about this, on mozilla-symantec-discuss@mozilla.com but their mails got rejected because they're not a member of that list. We'll see to get them added to that list.
Bug 1762576 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
It's with the right triage owner already. Haik owns this and our third-party blocking policies. >the cases were investigated and we resolved issues on the DLP side... it will be more enterprise-friendly if we collaborated on an alternate viable solution before putting blocking in place As far as I can tell, several bugs about Symantec DLP crashing Firefox are still open, see for example: https://bugzilla.mozilla.org/show_bug.cgi?id=1649485 https://bugzilla.mozilla.org/show_bug.cgi?id=1705042 I checked and both of these issues were reported to you through the mailing list, typically months/years ago. You can see that despite this it's still crashing Firefox users every day. But that aside, see the next point. >With Firefox Beta 99.0 and earlier Beta versions, we are seeing that Symantec DLP DLL injection into Firefox process is getting failed. So, *there is no specific block for Symantec DLLs* at this point. There indeed used to be one for this specific product, but it got removed: https://hg.mozilla.org/mozilla-central/rev/a2466922a9d64479388392e90f309a3b7225c8ef and a replacement wasn't put in place yet. So if your product is failing now that means it's falling foul of a generic security mitigation we did. I wonder if it may be this, which was in Nightlies for 4 years, then in beta 98 and beta 99, and finally rolled out to release 99 today: https://bugzilla.mozilla.org/show_bug.cgi?id=1481454 https://bugzilla.mozilla.org/show_bug.cgi?id=1757487 My understanding is that this injection technique is error-prone, predominantly used by malware, and has caused major incidents in the past where other injected software completely blocked Firefox from starting. Because this isn't a Symantec specific block, I'm not sure how to roll this back, especially as it replaced a mitigation that caused a dot release in Firefox 97.0.1. Disabling the block completely would risk breakage again? We'd probably want to be able to check that thoroughly. And note Firefox 99 hit release with this security mitigation, so it's too late for that.