Closed
Bug 1010080
Opened 11 years ago
Closed 7 years ago
Adware add-on searchme 2.0 can cause an infinite stack recursion during startup
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: ehsan.akhgari, Unassigned)
Details
Attachments
(2 files)
I restarted my Nightly earlier today and upon restart I noticed that it crashes. After attaching gdb to it and a series of interesting(!) debugging sessions, I realized that the issue is caused by an extension called searchme 2.0 by Spigot Inc. I'm not sure how I got this extension installed on my system. The latest thing that I got installed on my system was the latest version of the BitTorrent client and my strongest bet is that's how I got that extension. It has also been installed in Chrome.
But here's the nature of the bug. The add-on has the following code in chrome/content/protection.js (attaching the XPI file):
observe: function(subject, topic, prefName)
{
if (topic == "nsPref:changed") // && prefName == "extensions.somepref")
{
switch (prefName)
{
case "keyword.URL":
if (this.isOurEngine())
this.handleChanges();
break;
case "browser.search.selectedEngine":
case "browser.search.defaultenginename":
if (SEARCHME.from3rdparty)
searchme_setFirefoxPreference("searchme.protection", "true", "string");
if (!this.isOurEngine())
this.handleChanges();
else
searchme_setFirefoxPreference("searchme.protection", "true", "string");
break;
}
}
},
handleChanges: function ()
{
var strProtected = searchme_getFirefoxPreference("searchme.protection");
if ("false" == strProtected)
return;
if (SEARCHME.from3rdparty)
{
if (this.jsonPrefs)
{
for each (pref in this.jsonPrefs)
{
searchme_setFirefoxPreference(pref.name, pref.value, pref.type);
}
}
else
{
searchme_setFirefoxPreference("browser.search.selectedEngine", this.enginename, "string");
searchme_setFirefoxPreference("browser.search.defaultenginename", this.enginename, "string");
}
searchme_EnsureVisibleDS(this.enginename);
}
else
{
searchme_setFirefoxPreference("searchme.protection", "false", "string");
}
}
Specifically, the add-on handles nsPref:changed for "browser.search.selectedEngine", which can call handleChanges (presumably when the add-on detects that the yahoo search engine plugin which it tries to force you to use is no longer the default search engine), and handleChanges under some conditions can cause the add-on to set the "browser.search.selectedEngine" pref again, triggering the nsPref:changed observer and ultimately cause an infinite stack recursion leading into a crash when we run out of stack space. Our own code protects against this kind of issue by using the _changingCurrentEngine boolean flag here: <http://mxr.mozilla.org/mozilla-central/source/toolkit/components/search/nsSearchService.js#4067> which is checked for in our nsPref:changed handler.
I would normally say we should contact the add-on author and get them to fix this extension but since this is an adware which I never installed myself and that it can cause Firefox to crash during startup, I think we should blocklist it.
Reporter | ||
Comment 1•11 years ago
|
||
BTW, <http://apple.stackexchange.com/questions/90894/where-has-the-searchme-extension-for-safari-and-chrome-come-from> confirms my suspicion about BitTorrent bundling this. Should we consider contacting them and asking them to not bundle an extension that can cause Firefox startup crashes?
Comment 2•11 years ago
|
||
ID: searchme@mybrowserbar.com
Kris, what does the usage look like for this ID?
Component: Extension Compatibility → Blocklisting
Flags: needinfo?(kmaglione+bmo)
Product: Firefox → addons.mozilla.org
Comment 4•11 years ago
|
||
I tried installing BitTorrent and didn't get the extension. It could be that it's no longer bundled or the installer is different by country.
Kris, can you give it a try? Also, can you tell if the majority of installs are silent?
Flags: needinfo?(kmaglione+bmo)
Comment 5•11 years ago
|
||
I don't get an extension when I install BitTorrent. It does hijack the default search engine to Yahoo, though.
I did accept a click-through offer to install Spigot, but I don't see an add-on.
I also opted into installing the we-care.com add-on, which did bypass about:newaddon
Flags: needinfo?(kmaglione+bmo)
Comment 6•11 years ago
|
||
There's no way to tell if installs are silent. The majority do not have the foreign install flag set, but there are ways of bypassing that, such as dumping the add-on into the stage directory. Most copies with the foreign install flag seem to be disabled.
Reporter | ||
Comment 7•11 years ago
|
||
This is the bittorrent image I downloaded, it _definitely_ bundles this add-on, I just verified by reinstalling it, and AFAICT it doesn't even prompt me during the installation process. Also, note that the extension installs itself in _all_ Firefox profiles, and also in Chrome and Safari as well. It doesn't trigger the new extension prompt that I would usually get when a third party software installs an extension.
Comment 8•11 years ago
|
||
So this is happening on OS-X? Hm. OK, well, I don't currently have an OS-X virtual machine, and I'm not willing to intentionally install malware outside of one, so I can't test this at the moment.
Reporter | ||
Comment 9•11 years ago
|
||
(In reply to comment #8)
> So this is happening on OS-X? Hm. OK, well, I don't currently have an OS-X
> virtual machine, and I'm not willing to intentionally install malware outside
> of one, so I can't test this at the moment.
Yeah, I've only seen this on OSX, sorry I should have been more clear about that. And not trying this on your main machine is absolutely the right call! :-)
Comment 10•10 years ago
|
||
I just gave the installer a try and it didn't install the extension. I looked at the package contents and I couldn't see the extension file there either. It could be it is hidden in one of the binaries or downloaded at some point (could be location-dependent also).
Comment 11•10 years ago
|
||
I'll contact Spigot about this anyway.
Reporter | ||
Comment 12•10 years ago
|
||
Thank you. Sorry I wasn't able to provide better information here...
Comment 13•10 years ago
|
||
The fix for the stability issue has been released along with making the install non-silent.
Reporter | ||
Comment 14•10 years ago
|
||
This add-on also replaced yahoo.xml in my profile, which made is so that I didn't get the new Yahoo experience until I edited that file manually.
Assignee | ||
Updated•9 years ago
|
Product: addons.mozilla.org → Toolkit
Comment 15•7 years ago
|
||
Closing old blocklist requests that shouldn't be valid after the move to WebExtensions-only in Firefox 57. Please comment if you think this bug is still valid and should be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•