Closed
Bug 1274630
Opened 9 years ago
Closed 9 years ago
Stack buffer overrun in guard64.dll@0x494b (probably related to Comodo)
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
People
(Reporter: mccr8, Unassigned)
References
Details
(Keywords: crash, topcrash, topcrash-win, Whiteboard: [AV:Comodo Internet Security])
Crash Data
This bug was filed from the Socorro interface and is
report bp-ec89564f-1f98-4442-9475-04f3c2160519.
=============================================================
#11 Nightly Windows crash with 7 crashes, and I see 74 reports across all channels, all stack buffer overruns. Maybe we should consider blocklisting.
|
||
Comment 1•9 years ago
|
||
it's crashing with guard32.dll as well:
https://crash-stats.mozilla.com/search/?signature=^guard&_facets=signature&_facets=version&_facets=user_comments&_facets=install_time&_facets=platform_pretty_version
Crash Signature: [@ guard64.dll@0x494b] → [@ guard64.dll@0x494b]
[@ guard32.dll@0x4ac69]
[@ guard32.dll@0x49f2]
[@ guard32.dll@0x4a459]
[@ guard32.dll@0x4a1e]
[@ guard32.dll@0x48b2]
[@ guard32.dll@0x4a3c9]
|
||
Comment 2•9 years ago
|
||
We have a few crashes that are related to external libraries (sometimes clearly malware). What should we do? Can we blocklist them all?
Looks like guard32.dll or guard64.dll are related to an antivirus (Comodo).
I've got this issue too. I read the crash report and it highlighted lines in red with all one thing in common: guard32.dll. I don't know enough computer IT speak to know that term, but I see Marco mentioned Comodo, which is our FIREWALL program. We use Avast for anti-virus and such.
We have malwarebytes free version to check for stuff, and my husband is an IT guy, it's just he's never around when firefox is jacked up or ever surfs more than 3 sites unlike myself. I can't even do job applications without it crashing....
Don't know if it'll help anyone but here's my LATEST crash today, #4 I believe:
https://crash-stats.mozilla.com/report/index/5029b2c9-5e77-4b78-92d2-8aa5c2160614
|
|
||
Comment 4•9 years ago
|
||
guard32.dll@0x6a919 is causing 0.3% of crashes on 47 release currently.
Crash Signature: [@ guard64.dll@0x494b]
[@ guard32.dll@0x4ac69]
[@ guard32.dll@0x49f2]
[@ guard32.dll@0x4a459]
[@ guard32.dll@0x4a1e]
[@ guard32.dll@0x48b2]
[@ guard32.dll@0x4a3c9] → [@ guard64.dll@0x494b]
[@ guard32.dll@0x4ac69]
[@ guard32.dll@0x49f2]
[@ guard32.dll@0x4a459]
[@ guard32.dll@0x4a1e]
[@ guard32.dll@0x48b2]
[@ guard32.dll@0x4a3c9]
[@ guard32.dll@0x6a919]
|
|
||
Comment 5•9 years ago
|
||
actually if you combine all the different signatures this issue is more in the range of 0.7% of all crashes on release...
https://crash-stats.mozilla.com/search/?signature=^guard32.dll&signature=^guard64.dll&version=47.0
i've tried some outreach to comodo through regular customer support channels & getting them aware of this bug.
|
|
||
Comment 6•9 years ago
|
||
Harald, do you have some contacts for Comodo?
Summary: Stack buffer overrun in guard64.dll@0x494b → Stack buffer overrun in guard64.dll@0x494b (probably related to Comodo)
|
|
||
Updated•9 years ago
|
Crash Signature: [@ guard64.dll@0x494b]
[@ guard32.dll@0x4ac69]
[@ guard32.dll@0x49f2]
[@ guard32.dll@0x4a459]
[@ guard32.dll@0x4a1e]
[@ guard32.dll@0x48b2]
[@ guard32.dll@0x4a3c9]
[@ guard32.dll@0x6a919] → [@ guard64.dll@0x494b]
[@ guard32.dll@0x4ac69]
[@ guard32.dll@0x49f2]
[@ guard32.dll@0x4a459]
[@ guard32.dll@0x4a1e]
[@ guard32.dll@0x48b2]
[@ guard32.dll@0x4a3c9]
[@ guard32.dll@0x6a919]
[@ guard32.dll@0x70a2]
[@ guard64.dll@0x6fab]
[@ guard32.…
|
|
||
Comment 7•9 years ago
|
||
This is the #14 top crasher, if we consider all guard32.dll and guard64.dll signatures.
Keywords: topcrash,
topcrash-win
OS: Windows 10 → Windows
|
||
Comment 8•9 years ago
|
||
Can someone from Comodo have a look at this? Thanks!
Flags: needinfo?(rob)
Flags: needinfo?(comodo-antivirus)
|
|
||
Updated•9 years ago
|
status-firefox50:
--- → affected
tracking-firefox50:
--- → +
|
|
||
Comment 9•9 years ago
|
||
(In reply to Marco Castelluccio [:marco] from comment #2)
> We have a few crashes that are related to external libraries (sometimes
> clearly malware). What should we do? Can we blocklist them all?
>
> Looks like guard32.dll or guard64.dll are related to an antivirus (Comodo).
i have locally tried blocklisting those modules through our usual WindowsDllBlocklist.cpp method, but this doesn't work unfortunately and guard32.dll/guard64.dll would still be hooking into the firefox process...
|
|
||
Comment 10•9 years ago
|
||
many of the user comments in the crash reports & this user at https://support.mozilla.org/questions/1129205 say the crashes are occurring when they scroll down in the search/feed results on facebook.
|
||
Updated•9 years ago
|
Flags: needinfo?(rob) → needinfo?(robin)
|
||
Comment 11•9 years ago
|
||
Our developers say that they have identified a buffer overflow in an http protocol parser.
I'm awaiting a release date for the fix and will let you know as soon as I know it.
Flags: needinfo?(robin)
|
|
||
Comment 12•9 years ago
|
||
Our developers are working towards a release date of July 11th for a fixed version.
|
||
Comment 13•9 years ago
|
||
(In reply to Robin Alden from comment #12)
> Our developers are working towards a release date of July 11th for a fixed
> version.
Thank you, Robin. It's 99% on Facebook when you're on your feed/home page that it crashes. EVERY. TIME.
I was wondering if FACEBOOK was the problem, as it crashes doing the same thing on Google Chrome on PC as well like 15% of the time.
|
|
||
Comment 14•9 years ago
|
||
hi jen, comodo has released an update with a prospective fix now: https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8405076-build-is-released-t116113.0.html
if you could reliably reproduce the problem till now, can you test if that update addresses the crashing issue? thank you
Flags: needinfo?(jlsmith.340.fl)
|
|
||
Comment 15•9 years ago
|
||
(In reply to [:philipp] from comment #14)
> hi jen, comodo has released an update with a prospective fix now:
> https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-
> security-8405076-build-is-released-t116113.0.html
>
> if you could reliably reproduce the problem till now, can you test if that
> update addresses the crashing issue? thank you
It updated Comodo yesterday afternoon. I had been using Chrome for Facebook since Firefox was the offending party with Comodo related crashes involving facebook's news feed. Let me test it out and come back
Flags: needinfo?(jlsmith.340.fl)
|
|
||
Comment 16•9 years ago
|
||
in the past week the crashes with guard32.dll/guard64.dll have gone down 40% and i couldn't find new crash reports with version 8.4.0.5076 of the module present so i'll go ahead and mark this crashing bug as fixed by comodo's update.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(comodo-antivirus)
Resolution: --- → FIXED
|
||
Comment 17•9 years ago
|
||
Crash volume for signature 'guard32.dll@0x6a919':
- aurora (version 49): 106 crashes from 2016-06-07.
- beta (version 48): 1808 crashes from 2016-06-06.
- release (version 47): 9723 crashes from 2016-05-31.
- esr (version 45): 120 crashes from 2016-04-07.
Crash volume on the last weeks:
Week N-1 Week N-2 Week N-3 Week N-4 Week N-5 Week N-6 Week N-7
- nightly 0 4 2 6 3 0 0
- aurora 5 4 46 24 18 7 0
- beta 118 277 442 484 345 119 0
- release 414 1156 2724 2609 2123 604 0
- esr 10 12 47 19 17 11 0
Affected platform: Windows
status-firefox47:
--- → affected
status-firefox48:
--- → affected
status-firefox49:
--- → affected
status-firefox-esr45:
--- → affected
|
||
Comment 18•8 years ago
|
||
Most users seem to have upgraded the comodo tool by now, and this wasn't our bug to begin with, let's stop tracking for fx 50.
|
|
||
Updated•7 years ago
|
Whiteboard: [AV:Comodo Internet Security]
You need to log in
before you can comment on or make changes to this bug.
Description
•