Closed Bug 1259489 Opened 9 years ago Closed 8 years ago

Trusteer Rapport should be blocked

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: Sylvestre, Unassigned)

References

Details

Attachments

(1 file)

part B - Add Trusteer Rapport DLLs to the blocklist,
1.15 KB, patch
bugzilla
: review+
Details | Diff | Splinter Review
Trusteer has been causing a lot of crashes lately (like 9 crashes into the top 15). We have been in contact with them for the last 3 months. They are fixing bugs but causing others all the time. I believe we should block them now until they find a better way to plug into our product. Some examples: bug 1254527 bug 1255026 bug 1242393 Note that, besides crashes, it is also causing bugs like bug 1238620 (not possible to upload files bigger than 500k)
Summary: Trusteer should be blocked → Trusteer Rapport should be blocked
Is this an add-on or just an application injecting binaries? Also, is there any reason to keep this bug private?
I think it is an "application injecting binaries". About private, yes, it might have some legal implications.
Benjamin, could you find someone to write the patch? Thanks
Flags: needinfo?(benjamin)
Can you expand on 'legal implications'? All the crash bugs you've referenced are public, and they contain a lot more detail than this one.
Blocking Trusteer rapport could make IBM unhappy.
MozReview-Commit-ID: K3NPE0eOmCl
Assignee: nobody → benjamin
Status: NEW → ASSIGNED
Flags: needinfo?(benjamin)
Attachment #8737211 - Flags: review?(aklotz)
Attachment #8737211 - Flags: review?(aklotz) → review+
Could we test that blocklisting works? This way we're prepared in case we have spiking crashes in the future.
Carl, could you test this? With bug 1370807 and our new no-dll-injection policy we should be able to deploy this now without issue.
Group: mozilla-employee-confidential
Flags: needinfo?(ccorcoran)
I'll take a look.
Flags: needinfo?(ccorcoran)
Our dll blocklist is not enough to block this, at least the latest version which I installed. Launching firefox.exe in a debugger shows this module load order: > ModLoad: 00007ff6`e5110000 00007ff6`e51e1000 firefox.exe > ModLoad: 00007ff8`7f240000 00007ff8`7f41b000 ntdll.dll > ModLoad: 00007ff8`7dcf0000 00007ff8`7dd9e000 C:\Windows\System32\KERNEL32.DLL > ModLoad: 00007ff8`7b930000 00007ff8`7bb79000 C:\Windows\System32\KERNELBASE.dll > ModLoad: 00007ff8`5fcf0000 00007ff8`5fecf000 c:\program files (x86)\trusteer\rapport\bin\x64\rooksbas_x64.dll > ModLoad: 00007ff8`7d070000 00007ff8`7d0c1000 C:\Windows\System32\SHLWAPI.dll > ... No Firefox code has run yet, so the DLL block list is too late. I am not sure how rooksbas_x64 is loaded so early in process initialization, but it's not the first time I've seen this exact module load order.
In an email thread we have with them, they said they are planning to move to an extension-based solution.
Assignee: benjamin → nobody
Status: ASSIGNED → NEW
Less of an issue lately, will move to a webextension, wontfix it.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: