I received this report via email from a family member affected. She's running 32-bit Firefox on 64-bit Win7. Earlier today, she went to start Firefox and was greeted with a notice that the application was no longer on the C drive. Clicking a link in an external program resulted in a similar "application not found" message. She did some investigating, and saw that Program Files (x86)\Mozilla Firefox only had 4 subdirectories: browser\plugins, components, jsloader, and jssubloader. The last modified time on browser was today, about an hour before she tried to open Firefox. The maintenance service install directory was modified about 20 minutes before that. She has since re-installed Firefox, and everything appears fine (no profile corruption or anything). I know this is a pretty vague bug report, but it's what we have to go on.
jsloader and jssubloader indicate that some contents of an omni.ja got unpacked.
Component: General → Application Update
Product: Firefox → Toolkit
Another few bits of information - got another email this morning. She talked to a coworker down the hall from her (these are on managed machines at a large public university) and the same thing happened to him. I asked about any av installed on the machines, and she said they have malwarebytes installed by their IT department, and both she and the other affected person have installed ccleaner on their own (yes, they're allowed admin-enough-to-install-stuff access on managed machines - I don't entirely get it either). There's also "System Center Endpoint Protection", though that comes from Microsoft, and so seems slightly less suspicous as a culprit, to me.
(In reply to Sebastian Hengst [:aryx][:archaeopteryx] (needinfo on intermittent or backout) from comment #1) > jsloader and jssubloader indicate that some contents of an omni.ja got > unpacked. Right, and that's the part that really makes this weird. The maintenance service and the updater lack the code to even be able to unpack the omni.ja, and I'm not aware of any regular browser code that tries to do so either. Plus it couldn't anyway without something else strange going on, because the browser wouldn't normally have permission to write inside Program Files. I don't think either MalwareBytes or CCleaner would be invasive enough to make something like this happen, at least not by default; they'd better not be, since I run both on my own systems. I don't know what functionality System Center has, but being a Microsoft management tool I would expect it to be highly configurable; lacking any other information, that product and its configuration would be the first thing I would investigate, were I this organization's IT department.
Just talked to the family again. I'm not sure if it's System Center Endpoint Protection or something else, but apparently their IT department ran something that day that searched for outdated software and removed it from all their PCs. This software apparently didn't recognize Firefox, so decided to mess around with it.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.