Closed Bug 1136544 Opened 7 years ago Closed 7 years ago

Firefox 36 triggers StackPivot mitigation in EMET 5.1

Categories

(Firefox :: Untriaged, defect)

36 Branch
x86_64
Windows 8.1
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: jeremy, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.64 Safari/537.36

Steps to reproduce:

Install Microsoft EMET 5.1. Add monitoring of firefox.exe, and enable StackPivot Mitigation. Run Firefox.


Actual results:

Firefox triggers StackPivot mitigation in EMET, causing EMET to terminate Firefox.


Expected results:

Firefox should launch successfully.
OS: Mac OS X → Windows 8.1
Hardware: x86 → x86_64
Same bug: Windows 7 Ultimate, EMET 5.1, Firefox 36 without any plugins or addons.

Within a few seconds of starting Firefox, EMET terminates Firefox due to StackPivot mitigation.
Can confirm.
Just updated from 35.
FF starts up and several seconds later is closed.
EMET displays a StackPivot notice.
Mozilla Crash reporter is shown too.
StackPivot is described as: "...checks if the stack pointer is changed to point to attacker-controlled memory areas, common technique in Return Oriented Programming (ROP) attacks."
OS: Win7 pro x64 
EMET: 5.1 
EMET link: http://www.microsoft.com/en-gb/download/details.aspx?id=43714
Status: UNCONFIRMED → NEW
QA Whiteboard: [bugday-20150302]
Ever confirmed: true
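The check named in the quoted EMET description, reduced to its core as an added example (not EMET's code and not from this bug): compare a stack-pointer value against the thread's legitimate stack range. The helper names are hypothetical, treating anything outside that range as suspect is an assumption, and the bounds lookup assumes Linux (main thread, read from /proc/self/maps) rather than Windows.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Address range of a thread's legitimate stack: [low, high). */
typedef struct { uintptr_t low, high; } stack_range;

/* Hypothetical helper: read the main thread's stack mapping from
   /proc/self/maps (Linux only). Returns 0 on success, -1 otherwise. */
int main_stack_range(stack_range *out) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int rc = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        if (strstr(line, "[stack]") && sscanf(line, "%lx-%lx", &lo, &hi) == 2) {
            out->low = lo; out->high = hi; rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* The check itself: 1 if sp lies outside the stack range, 0 if inside. */
int sp_outside_stack(uintptr_t sp, const stack_range *r) {
    return sp < r->low || sp >= r->high;
}

int main(void) {
    stack_range r;
    int local = 0;              /* lives on the real stack */
    void *heap = malloc(64);    /* constructed stand-in for non-stack memory */
    if (!heap || main_stack_range(&r) != 0) return 1;
    printf("stack [%#lx, %#lx)\n", (unsigned long)r.low, (unsigned long)r.high);
    printf("local %p -> %s\n", (void *)&local,
           sp_outside_stack((uintptr_t)&local, &r) ? "FLAG" : "ok");
    printf("heap  %p -> %s\n", heap,
           sp_outside_stack((uintptr_t)heap, &r) ? "FLAG" : "ok");
    free(heap);
    return 0;
}
```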
I think bug 1137050 was a duplicate: https://bugzilla.mozilla.org/show_bug.cgi?id=1137050. It seems to be resolved in 36.0.1 now.
(In reply to danwakefield from comment #3)
> I think bug 1137050 was a duplicate:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1137050. It seems to be
> resolved in 36.0.1 now.

Jeremy, do you agree?
Flags: needinfo?(jeremy)
I agree. 36.0.1 seems to work just fine with StackPivot mitigation enabled.
Flags: needinfo?(jeremy)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME