Crash when copying content



External Software Affecting Firefox
a year ago
5 months ago


(Reporter: dveditz, Unassigned)


({crash, testcase})

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [AV:symantec clipboard monitoring?])


(2 attachments)



a year ago
Created attachment 8818697 [details]

Javid Hussain wrote to the security alias to report a Firefox crash with two files that look like the result of fuzzing. The crashing system was

Firefox ESR 45.5.1 and ESR 45.6
Windows 7 64-bit

I could not reproduce with a Mac ESR 45.6 or Firefox 50.1

Comment 1

a year ago
Created attachment 8818698 [details]

Comment 2

a year ago
I could not reproduce this on a Lenovo Thinkpad 64-bit Windows 7 with either 32-bit or 64-bit builds of ESR-45.6, with either testcase.

I may be misunderstanding the testcases. They don't crash on load, nor do they crash if I follow the instructions in the file and type "Ctrl-A Ctrl-C" to copy everything.
Last Resolved: a year ago
Resolution: --- → WORKSFORME

Comment 3

a year ago
The reporter supplied a crash-stats link (bp-a901a578-7a1e-4b62-8c58-29bae2161215) that shows this is crashing in Flash. Mysteriously there is no <object> or <embed> in either testcase, nor <script> which could be used to dynamically change the page. I'd like to blame extensions (maybe a debugging or testing framework?) but the reporter says he can reproduce the crash even in safe-mode which ought to disable all extensions.

His copy of Flash is the latest one available from Adobe's site:

I also noticed IPSEng32.dll in the module list, Symantec's intrusion detection library. That could be injecting content and has been known to cause crashes in the past. According to one of our support threads you could try disabling or removing freecorder if you have that:

Norton's IPS is also been known to cause problems for other browsers:

They are trying to be far too clever poking into the black box of browser internals and break often as browsers update to add new features or fix bugs.
Group: firefox-core-security → core-security
Component: Untriaged → Flash (Adobe)
Product: Firefox → External Software Affecting Firefox
Resolution: WORKSFORME → ---
Version: 45 Branch → unspecified

Comment 4

a year ago
This is crashing with the reason EXCEPTION_BREAKPOINT so it's likely an intentional self-crash on Flash's part and not exploitable.
Whiteboard: Can't repro--crashing in flash but no flash in the testcase.

Comment 5

a year ago
Please report back after disabling or removing freecorder, or trying to disable IPSEng.dll temporarily. Would also be worth trying this on the latest Firefox release (50.1) rather than the old ESR branch: it's possible Norton is updating to keep it working on the version used by the vast majority of users and not worrying too much about the relatively small ESR population (or maybe they have a different version of their corporate product that does worry about ESR).
Flags: needinfo?(javidhussain3)

Comment 6

a year ago
Hey Daniel,

I didn't have freecorder, disabled the IPSEng32.dll as well as the the Symantec Endpoint Protection. I still got crash. The crash ID is

The crash report seems different now. Please have a look.

Will try to work on Firefox latest and will keep you posted.



a year ago
Group: core-security → core-security-release

Comment 7

a year ago
Based on clpbm.dll being in the crash stack I'm still blaming symantec. That's apparently part of their clipboard monitoring tool (which makes sense given that copying is part of this testcase).

Comment 8

a year ago
Sorry for my late reply, i was on a long holiday.

Crash is happening due to the clpbm.dll and IPSEng32.dll files.

Is there any way firefox is going to patch this issue or do we need to uninstall Symantec products?
As per discussion, likely Symantec issue, no known security impact here.
Group: core-security-release
Component: Flash (Adobe) → Other


5 months ago
Flags: needinfo?(javidhussain3)
Priority: -- → P3
Summary: ESR-45 crash → Crash when copying content
Whiteboard: Can't repro--crashing in flash but no flash in the testcase. → [AV:symantec clipboard monitoring?]
You need to log in before you can comment on or make changes to this bug.