Closed Bug 831122 Opened 11 years ago Closed 11 years ago

Block Norton confidential for Firefox18 due to crashes

Categories

(Toolkit :: Blocklist Policy Requests, defect)

x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED WONTFIX
Tracking Status
firefox18 - affected
firefox19 - affected

People

(Reporter: Matti, Unassigned)

References

Details

(Whiteboard: [extension])

Bug 783369 is a longstanding report about the Norton Extension that is causing crashes.

It seems that this extension is causing a crash every time a Firefox18 Window is closed
see bug 830107#c2 and probably bug 831101

This crashes makes our users unhappy and they will blame us.
1) We are actively working with Norton to get this fixed on their side.
2) Any DLL blocklisting, if it works at all (there are ways to inject DLLs on Windows that we can't cover with our current code), needs a change in binary code. We do not have support for downloadable blocklists for DLLs.
They are installing 2 extensions (as you can see in the crash report) and I thought that the crash happens due to that extensions.
This bug should be marked wontfix in case that they are really injecting the crashing dll in our process without extension. DLL blocklisting would be too late.

1) We are actively working with Norton to get this fixed on their side.
That would be fine if they find a fix and deploy it before we start with automated updates. Otherwise I would suggest to blocklist it before the disaster starts.

I bet that they don't install their stupid extensions in Chrome or Opera and that's a good reason for many users to switch to those browsers.
(In reply to Matthias Versen [:Matti] from comment #2)
> This bug should be marked wontfix in case that they are really injecting the
> crashing dll in our process without extension. DLL blocklisting would be too
> late.

I haven't checked if blocking add-ons might do the trick, but I seem to remember from the past that this wouldn't work well enough.

> 1) We are actively working with Norton to get this fixed on their side.
> That would be fine if they find a fix and deploy it before we start with
> automated updates. Otherwise I would suggest to blocklist it before the
> disaster starts.

We have already rolled out updates to 18.0 to more than half of the whole Firefox population and three quarters or more of those users who had 17 installed, so we can't talk of doing anything "before we start with automated updates".

They'll take at least a few days until they can roll out anything to the 2012 versions. The 2013 versions seem to be only affected to a way smaller degree though.
I agree to block the two offending versions of the Norton extension. Al least, it's worth an attempt.

Extension name: Norton Toolbar
Extension UUID: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}
Extension versions to block: 2012.5.10.1 and 2013.2.3.1
Applications, versions, and platforms affected: Firefox 18, Windows
Block severity: (hard/soft)
Hardware: x86_64 → x86
Whiteboard: [extension]
Please note that Norton Confidential is used by users to store their passwords, so instead of blocking we should try to push Norton harder to get a fixed version out ASAP. The last reply from them was about 5 days ago:

"We should have a fix for Norton 2013 soon, and Symantec is looking into the possibility of a fix for Norton 2012 as well."
(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #3)
> I haven't checked if blocking add-ons might do the trick, but I seem to
> remember from the past that this wouldn't work well enough.
It does indeed. See http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Norton-toolbar-update-crashes-Firefox-18/td-p/890159

(In reply to Tyler Downer [:Tyler] from comment #5)
> Please note that Norton Confidential is used by users to store their
> passwords,
Between crashing and not being able to store passwords in a dedicated program (still possible in Firefox), I know what to choose.

> we should try to push Norton harder to get a fixed version out ASAP
It's compatible with the blocking as there's a chance a new extension version will be released.
As it is, users currently have a Firefox that crashes. If we block without there being an alternative, Users won't crash, but they will also lose all their passwords. They aren't going to correlate that with Norton, but instead "Firefox made my passwords disappear". 

Alex, is there any updates from Norton on this?
(In reply to Tyler Downer [:Tyler] from comment #7)
> As it is, users currently have a Firefox that crashes. If we block without
> there being an alternative, Users won't crash, but they will also lose all
> their passwords. They aren't going to correlate that with Norton, but
> instead "Firefox made my passwords disappear". 
> 
> Alex, is there any updates from Norton on this?

They're continuing to investigate on their end with outreach to users and analysis of minidumps.
I assume it's a wontfix.
We should keep this open, as after Norton releases an update, and we've confirmed it fixes the issue, we should block older versions to encourage users to update.
(In reply to Tyler Downer [:Tyler] from comment #10)
> We should keep this open, as after Norton releases an update, and we've
> confirmed it fixes the issue, we should block older versions to encourage
> users to update.

We'll only consider this if uptake to the new fixed versions is very slow, since it's undesirable to block security add-ons/plugins/software.
marking wontfix
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.