Created attachment 8818697 FFCrashtest.html. Javid Hussain wrote to the security alias to report a Firefox crash with two files that look like the result of fuzzing. The crashing system was Firefox ESR 45.5.1 and ESR 45.6, Windows 7 64-bit, Lenovo. I could not reproduce with a Mac ESR 45.6 or Firefox 50.1.
I could not reproduce this on a Lenovo Thinkpad 64-bit Windows 7 with either 32-bit or 64-bit builds of ESR-45.6, with either testcase. I may be misunderstanding the testcases. They don't crash on load, nor do they crash if I follow the instructions in the file and type "Ctrl-A Ctrl-C" to copy everything.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WORKSFORME
The reporter supplied a crash-stats link (bp-a901a578-7a1e-4b62-8c58-29bae2161215) that shows this is crashing in Flash. Mysteriously there is no <object> or <embed> in either testcase, nor <script> which could be used to dynamically change the page. I'd like to blame extensions (maybe a debugging or testing framework?) but the reporter says he can reproduce the crash even in safe-mode, which ought to disable all extensions. His copy of Flash is the latest one available from Adobe's site: 126.96.36.199. I also noticed IPSEng32.dll in the module list, Symantec's intrusion detection library. That could be injecting content and has been known to cause crashes in the past. According to one of our support threads you could try disabling or removing freecorder if you have that: https://support.mozilla.org/en-US/questions/1084393 https://support.mozilla.org/en-US/questions/1086798 Norton's IPS has also been known to cause problems for other browsers: https://support.norton.com/sp/en/us/home/current/solutions/v108623038_EndUserProfile_en_us They are trying to be far too clever poking into the black box of browser internals and break often as browsers update to add new features or fix bugs.
Group: firefox-core-security → core-security
Status: RESOLVED → REOPENED
Component: Untriaged → Flash (Adobe)
Product: Firefox → External Software Affecting Firefox
Resolution: WORKSFORME → ---
Version: 45 Branch → unspecified
This is crashing with the reason EXCEPTION_BREAKPOINT so it's likely an intentional self-crash on Flash's part and not exploitable.
Whiteboard: Can't repro--crashing in flash but no flash in the testcase.
Please report back after disabling or removing freecorder, or trying to disable IPSEng.dll temporarily. Would also be worth trying this on the latest Firefox release (50.1) rather than the old ESR branch: it's possible Norton is updating to keep it working on the version used by the vast majority of users and not worrying too much about the relatively small ESR population (or maybe they have a different version of their corporate product that does worry about ESR).
Hey Daniel, I didn't have freecorder, and I disabled the IPSEng32.dll as well as the Symantec Endpoint Protection. I still got a crash. The crash ID is https://crash-stats.mozilla.com/report/index/ad00c415-8a11-4575-990f-c1efd2161216 The crash report seems different now. Please have a look. Will try to work on Firefox latest and will keep you posted. Thanks.
Group: core-security → core-security-release
Based on clpbm.dll being in the crash stack I'm still blaming Symantec. That's apparently part of their clipboard monitoring tool (which makes sense given that copying is part of this testcase). https://support.symantec.com/en_US/article.TECH219983.html
Sorry for my late reply, I was on a long holiday. The crash is happening due to the clpbm.dll and IPSEng32.dll files. Is there any way Firefox is going to patch this issue or do we need to uninstall Symantec products?
As per discussion, likely Symantec issue, no known security impact here.
Component: Flash (Adobe) → Other
Priority: -- → P3
Summary: ESR-45 crash → Crash when copying content
Whiteboard: Can't repro--crashing in flash but no flash in the testcase. → [AV:symantec clipboard monitoring?]