Closed Bug 1230253 Opened 9 years ago Closed 7 years ago

Crash in [@ nsGlobalWindow::SetDocShell ]

Categories

(Core :: DOM: Core & HTML, defect)

44 Branch
defect
Not set
normal

Tracking

RESOLVED WORKSFORME
Tracking Status
firefox44 + wontfix

People

(Reporter: ritu, Unassigned)

Details

(Keywords: crash)

Crash Data

This crash signature is at #3 rank in the 44.0a2 top-crashers category. It's a startup crash, affecting Windows only and predominantly affecting version 44.0a2.
[Tracking Requested - why for this release]: Top crash on 44.0a2 and discussed in the channel meeting today.
Crash Signature: [@ nsGlobalWindow::SetDocShell ]
This seems to be caused by malware, as affected users all have a random {id}.xpi version 1.0.5781.6061 present in their modules (not extension!) list - the pattern is very reminiscent of bug 1181737 ... the first reports seem to have started in 44.0a1 build 20151029045227
Ritu, do you know who deals with blocklist these days? Could we block the relevant addon?
Flags: needinfo?(rkothari)
It's not an addon but a Windows .dll masquerading as an xpi-file. Also, its filename will be randomised/different on each infected system, so it isn't possible to blocklist based on that afaik...
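The correlation described in the comments above (every affected report has an .xpi entry in the native module list, with a random file name but the same version), as an added example that is not part of the original thread or of any Mozilla tooling. The report layout, field names and sample values are constructed assumptions.

```python
from collections import Counter

# Constructed sample reports. Layout and field names are assumptions for this
# example, not a real crash-report schema; file names and xul.dll version are made up.
REPORTS = [
    {"signature": "nsGlobalWindow::SetDocShell", "modules": [
        {"filename": "xul.dll", "version": "44.0.0.1"},
        {"filename": "{3f1c-example-a}.xpi", "version": "1.0.5781.6061"}]},
    {"signature": "nsGlobalWindow::SetDocShell", "modules": [
        {"filename": "{9b7e-example-b}.XPI", "version": "1.0.5781.6061"}]},
    {"signature": "nsGlobalWindow::SetDocShell", "modules": [
        {"filename": "{c024-example-c}.xpi", "version": "1.0.5781.6061"}]},
    {"signature": "OOM | small", "modules": [
        {"filename": "xul.dll", "version": "44.0.0.1"}]},
]

def xpi_modules(report):
    """Entries in the native module list whose name ends in .xpi.
    An .xpi is an add-on archive, so it should never show up as a loaded module."""
    return [m for m in report.get("modules", [])
            if m.get("filename", "").lower().endswith(".xpi")]

def correlate(reports, signature):
    """Compare how often .xpi modules appear with and without the signature."""
    out = {"total": 0, "with_xpi": 0, "other_total": 0, "other_with_xpi": 0}
    names, versions = set(), Counter()
    for report in reports:
        mods = xpi_modules(report)
        if report.get("signature") != signature:
            out["other_total"] += 1
            out["other_with_xpi"] += bool(mods)
            continue
        out["total"] += 1
        out["with_xpi"] += bool(mods)
        for m in mods:
            names.add(m["filename"].lower())
            versions[m.get("version", "unknown")] += 1
    # Random per-system names give many distinct names; a shared build gives one version.
    out["distinct_names"] = len(names)
    out["versions"] = dict(versions)
    return out

if __name__ == "__main__":
    print(correlate(REPORTS, "nsGlobalWindow::SetDocShell"))
```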
(In reply to Olli Pettay [:smaug] from comment #4)
> Ritu, do you know who deals with blocklist these days? Could we block the
> relevant addon?

Re-directing the question to Jorge who helps with addon blocks.
Flags: needinfo?(rkothari) → needinfo?(jorge)
If this is a DLL being injected directly into Firefox, there's nothing we can do in the add-on blocklist. I don't know who manages the in-product DLL blocklist. Maybe Kairo knows?
Flags: needinfo?(jorge) → needinfo?(kairo)
Like the last time this happened (bug 1181737) the malware vendors seem to have fixed those crashes with an auto-update as the volume of the crashes is going back towards 0 now...
(In reply to Jorge Villalobos [:jorgev] from comment #7)
> If this is a DLL being injected directly into Firefox, there's nothing we
> can do in the add-on blocklist. I don't know who manages the in-product DLL
> blocklist. Maybe Kairo knows?

David Major did when he was still here, in recent weeks philipp has done some patches for DLL blocklist additions - and he already replied here :)
Flags: needinfo?(kairo)
Anything left to do in this bug, then?
Here is a reputable report on Yontoo:
https://www.symantec.com/security_response/writeup.jsp?docid=2012-052923-1931-99

Only 1 crash in the last 7 days. I think philipp is right and the adware has gotten an update. Wontfix for 44.
Component: DOM → DOM: Core & HTML