Closed Bug 1293964 Opened 8 years ago Closed 8 years ago

Block old versions of RoboForm Toolbar for Firefox (pre 7.9.21)

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox51 --- affected

People

(Reporter: marco, Unassigned)

References

Details

Attachments

(1 file)

JS::Heap<T>::~Heap<T> crash reports graph
35.35 KB, image/png
Details 
Extension name: RoboForm Toolbar for Firefox
Extension UUID: {22119944-ED35-4ab1-910B-E619EA06A115}
Extension versions to block: <= 7.9.18
Applications, versions, and platforms affected: Firefox 48 and later on Windows
Block severity: tbd

Homepage, AMO listing, other references and contact info: vm@roboform.com

Reasons: old versions of RoboForm Toolbar for Firefox cause an increase in crashes with the signature JS::Heap<T>::~Heap<T> (currently #34)

RoboForm agreed to be blocklisted, in bug 1261015.
The last version signed for {22119944-ED35-4ab1-910B-E619EA06A115} is 7.9.18 so we'd be blocking all versions - there is no 7.9.20 under {22119944-ED35-4ab1-910B-E619EA06A115}.  I'll ask in bug 1261015
Is it still worth blocking this?  From bug 1261015 it seems the issue is in the dll so blocking arbitrary versions of the addon won't help.  If we are still to proceed, please clarify what max version to block - 7.9.18 would block all versions.
The answers from the developer are a bit misleading, he said we could block versions <= 7.9.18, but didn't say that 7.9.20 hadn't been published yet...
he said that, but he was talking about versions of the dll, not the add-on in https://bugzilla.mozilla.org/show_bug.cgi?id=1261015#c21.
Looks like 7.9.21 contains a fix for the crash. Was it signed?
Flags: needinfo?(awilliamson)
Summary: Block old versions of RoboForm Toolbar for Firefox (pre 7.9.18) → Block old versions of RoboForm Toolbar for Firefox (pre 7.9.21)
Yes. I see versions 7.9.21 and 7.9.21.1, both signed.
Flags: needinfo?(awilliamson)
(In reply to Jorge Villalobos [:jorgev] from comment #6)
> Yes. I see versions 7.9.21 and 7.9.21.1, both signed.

OK, then given bug 1261015 comment 31 and following, I think we can assume that the crash is fixed in 7.9.21 and we can block the extension if the version is < 7.9.21.

Let's wait a few more days for confirmation. Needinfoing me to check this again in a few days (this URL is useful https://crash-analysis.mozilla.com/rkaiser/datil/searchcompare/?common=product%3DFirefox&p1=addons%3D%7E7.9.18&p2=addons%3D%7E7.9.21).

For future reference, is there a way for me to check whether an extension is signed without nagging you?
Flags: needinfo?(mcastelluccio)
(In reply to Marco Castelluccio [:marco] from comment #7)
> For future reference, is there a way for me to check whether an extension is
> signed without nagging you?

No, at the moment it's a bit of a hassle to find unlisted add-ons, even when you're an admin. When we have a better admin dashboard it may be possible to give more people access.
We have more reports now, and there are no crashes with the signature from bug 1261015, so I think the bug is actually fixed in 7.9.21.

Can we block < 7.9.21?
Flags: needinfo?(mcastelluccio) → needinfo?(awilliamson)
Had to re-use https://addons.mozilla.org/en-US/admin/models/blocklist/blocklistdetail/45/ instead
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
I am confused about this add-on block (https://addons.mozilla.org/en-US/firefox/blocked/i45). Have any of you actually tested Roboform 7.9.21 with Firefox 48.0.2? I ask because I recently had to reinstall the previous version of Roboform in order to regain usability with Firefox.

I have tried Roboform 7.9.21 and Firefox 48.0.2 on three different Windows PC’s (Win7 & 8.1) and even created a new, vanilla Win7x64 VM with only Firefox 48.0.2 and Roboform 7.9.21. The RF add-on does not work on any of those installs. The RF toolbar and all buttons are visible but nothing happens when you click on any of the buttons.

After encountering this issue, I re-installed the previous version of RF and all was working fine for a few days until this morning. This morning I get the warning that all versions of RF prior to 7.9.21 are blocked!

So I’m confused as to why all previous versions are blocked when they do in fact work (I’ve never encountered a crash) and version 7.9.21 is not blocked even though it does not work, at all.
(In reply to Jeff from comment #13)
> So I’m confused as to why all previous versions are blocked when they do in
> fact work (I’ve never encountered a crash) and version 7.9.21 is not blocked
> even though it does not work, at all.

The Roboform developers have fixed a crash in 7.9.21. Most crashes are not reproducible
by *everyone*, this would explain why you have never encountered it, but the crash
was indeed there (otherwise we wouldn't have so many people, more than 200 per day,
reporting it!).
If you're curious, here's the graph of the crash reports for one of the crashes caused by
Roboform (there are more than one fixed in 7.9.21). You can clearly see how the number of
reported crashes was reduced drastically after the deployment of the block.

As to why 7.9.21 doesn't work for you, I'm not sure. We haven't tested it directly because
it's Roboform who develops it, but we do have reports of users successfully using it.
You can use the Roboform support system to report your issue (https://www.roboform.com/php/rtss/main/).
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: