Closed Bug 1300480 Opened 8 years ago Closed 7 years ago

Crashes with hmpalert.dll (Hitman Pro Alert)

Categories

(External Software Affecting Firefox :: Other, defect)

defect
Not set
critical

Tracking

(firefox48 wontfix, firefox49 wontfix, firefox50 wontfix, firefox51+ wontfix, firefox52- fixed, firefox53 fixed)

RESOLVED FIXED
Tracking Status
firefox48 --- wontfix
firefox49 --- wontfix
firefox50 --- wontfix
firefox51 + wontfix
firefox52 - fixed
firefox53 --- fixed

People

(Reporter: philipp, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [platform-rel-Sophos])

Crash Data

https://crash-stats.mozilla.com/report/index/bp-9f5c0525-f85e-45aa-be98-91c362160905

there are various crash reports with involvement of the third-party module hmpalert.dll, hooking into firefox. those occur nearly exclusively on windows 7 & upwards and "nl" locale builds seem to be affected the most (the product is developed by a dutch company).
Severity: normal → critical
Crash Signature: [@ hmpalert.dll@0x19bfa ] [@ hmpalert.dll@0x19ba0 ] [@ hmpalert.dll@0xc2fb ] [@ hmpalert.dll@0xa50b ] [@ hmpalert.dll@0x15f9a ] [@ hmpalert.dll@0x141e7 ] [@ hmpalert.dll@0x15f40 ] [@ hmpalert.dll@0x19a10 ] [@ hmpalert.dll@0x16b1e ] [@ hmpalert.dl…
Keywords: crash
Summary: Crashes → Crashes with hmpalert.dll (Hitman Pro Alert)
Is this frequent-enough that we should spend time on it? If this affects all users of the Hitman software, and especially if this is a startup crash, we could try to block the DLL. We don't have many other remediation options, and it's not clear that blocking would be effective.

Is this software available for download?
Flags: needinfo?(madperson)
it's a rather low volume crash at the moment, so we shouldn't spend lots of time on it. blocklisting the module through our normal procedure didn't seem to work either a few months back when i last tried it: https://bugzilla.mozilla.org/show_bug.cgi?id=1268025#c14

they'd have a trial version available at http://www.surfright.nl/en/alert though.
Flags: needinfo?(madperson)
ok, please reopen if you think we should do something
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
50 crash reports have been analyzed and the following versions have been found:
 - hmpalert.dll
   - 2.6.5.77: 1
   - 3.5.1.552: 1
   - 3.5.1.553: 1
   - 3.5.1.550: 1
   - 3.1.9.363: 1
   - 3.5.0.546: 45
thanks marco, 3.5.0.546 is their latest release and 3.5.1.553 their beta build so it looks like the issue is still ongoing in their latest available versions unfortunately.
(also discussed in https://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-449#post-2615113)
Crash Signature: hmpalert.dll@0x16ab0 ] → hmpalert.dll@0x16ab0 ] [@ hmpalert.dll@0xcc3b] [@ hmpalert.dll@0xd03b] [@ hmpalert.dll@0xcbeb] [@ hmpalert.dll@0xd04b] [@ hmpalert.dll@0xcbfb] [@ hmpalert.dll@0x19c1a] [@ hmpalert.dll@0x19baa] [@ hmpalert.dll@0x19c7a] [@ hmpalert.dll@0x19bc0] […
[Tracking Requested - why for this release]:
these crashes got worse on the 51.0b version compared to prior cycles: http://bit.ly/2iAEwbd
can we try some outreach to the vendor (they seem to be part of sophos now) and work with them to address the issue in time, so that we don't have a bad surprise once 51 is generally released...
Status: RESOLVED → REOPENED
Resolution: INCOMPLETE → ---
hi dees, do we have some relationship with sophos (or if not, could you help us setting something up)? thank you.
Flags: needinfo?(dchinniah)
Since we're at the end of the 51 cycle, I recommend proactively blocking this DLL, with testing to make sure the block works and doesn't break other important things. We should still reach out to Sophos to stop injecting into the Firefox processes.
Depends on: 1329994
Blocklisting patch in bug 1329994.
(In reply to [:philipp] from comment #8)
> hi dees, do we have some relationship with sophos (or if not, could you help
> us setting something up)? thank you.

I'm making some efforts here — and I'll add :pdol to any possible leads.
Flags: needinfo?(dchinniah)
Whiteboard: [platform-rel-Sophos]
Track 51+ as this is related to vendor.
Update: Via the CTO of Sophos, I have been connected with the CTO of SurfRight, the Sophos HitmanPro vendor — and they have engaged via email. These threads should include all relevant folks from both sides.
Too late for 51, mark 51 as won't fix.
[Tracking Requested - why for this release]:
Carry over the tracking flag from 51.
The newest version of HitmanPro should have a fix for the crash: "We have made a fix for at least some of the crashes that were reported by the FireFox users. A new version (Build 582 Beta) of HitmanPro.Alert can be downloaded here: http://test.hitmanpro.com/hmpalert3b582.exe.".
Fixed by Sophos in their 582 version. See bug 1329994 comment 18.
Status: REOPENED → RESOLVED
Closed: 8 years ago7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.