Closed Bug 1277846 Opened 8 years ago Closed 8 years ago

Crash in pmls.dll/rlls.dll with premiere opinion or relevant knowledge malware

Categories

(External Software Affecting Firefox :: Other, defect)

Platform: x86, Windows 10
Type: defect
Priority: Not set
Severity: critical

Tracking

(firefox47 affected, firefox48 verified, firefox49 fixed, firefox50 fixed)

VERIFIED FIXED

People

(Reporter: philipp, Assigned: philipp)

Details

(Keywords: crash)

Attachments

(2 files)

This bug was filed from the Socorro interface and is report bp-14ebdad7-023c-4559-9000-2e43f2160527.
=============================================================

this is a crash caused by premiere opinion malware across all windows versions with ~800 weekly crashes. it is spread out over various signatures...
and another 500 crashes per week are due to the rlls.dll module (those are related malware products & also seem to share the same dll versioning scheme).

Summary: Crash in pmls.dll@0x with premiere opinion malware → Crash in pmls.dll/rlls.dll with premiere opinion or relevant knowledge malware

presumptive blocklisting patch which covers a few more related .dlls - not all 64bit variants of them are showing up in our crash stats data (yet?), but i have added them as a precaution.

Assignee: nobody → madperson
Attachment #8759697 - Flags: review?(aklotz)
Attachment #8759697 - Flags: review?(aklotz) → review+
Keywords: checkin-needed
Crash Signature: [@ pmls.dll@0x39fde] [@ pmls.dll@0x39dc2] [@ pmls.dll@0x39fd3] [@ rlls.dll@0x39dc2] [@ pmls.dll@0x39db7] [@ rlls.dll@0x39fde] [@ rlls.dll@0x39db7] [@ rlls.dll@0x39fd3] [@ pmls.dll@0x5862e] [@ pmls.dll@0x58649] [@ pmls.dll@0x5862c]

Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/233878acc14b
Add various .dlls related to PremierOpinion/RelevantKnowledge to the Windows blocklist. r=aklotz

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/233878acc14b

Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED

Comment on attachment 8759697 [details] [diff] [review]
bug1277846_blocklist.patch

Approval Request Comment
[Feature/regressing bug #]: external malware hooking into firefox
[User impact if declined]: 1000 weekly crashes on release, 400 on beta but none in other pre-release channels. so the blocklist patch would need to go into beta, in order to validate that it is working
[Describe test coverage new/current, TreeHerder]: n/a
[Risks and why]: low, this is making use of the purpose-built .dll-blocklist
[String/UUID change made/needed]: none
Attachment #8759697 - Flags: approval-mozilla-beta?
Attachment #8759697 - Flags: approval-mozilla-aurora?
Comment on attachment 8759697 [details] [diff] [review]
bug1277846_blocklist.patch

Fix a crash, taking it

Should be in 48 beta 2
Attachment #8759697 - Flags: approval-mozilla-beta?
Attachment #8759697 - Flags: approval-mozilla-beta+
Attachment #8759697 - Flags: approval-mozilla-aurora?
Attachment #8759697 - Flags: approval-mozilla-aurora+

has problems to apply to beta:

grafting 350668:395d166833b0 "Bug 1277846 - Add various .dlls related to PremierOpinion/RelevantKnowledge to the Windows blocklist. r=aklotz, a=sylvestre"
merging mozglue/build/WindowsDllBlocklist.cpp
warning: conflicts while merging mozglue/build/WindowsDllBlocklist.cpp! (edit, then use 'hg resolve --mark')
abort: unresolved conflicts, can't continue
(use 'hg resolve' and 'hg graft --continue')

Flags: needinfo?(madperson)

this would be a patch rebased for mozilla-beta

Flags: needinfo?(madperson) → needinfo?(cbook)

(In reply to [:philipp] from comment #9)
> Created attachment 8763961 [details] [diff] [review]
> bug1277846_beta.patch
> 
> this would be a patch rebased for mozilla-beta

thanks! landed!

Flags: needinfo?(cbook)

this seems to have worked - those crashes are stopping with 48.0b3.

Status: RESOLVED → VERIFIED
See Also: → 1394550
See Also: → 1797732