Closed
Bug 1384327
Opened 7 years ago
Closed 7 years ago
Nightly & kaspersky antivirus cause a big issue at start-up
Categories
(External Software Affecting Firefox :: Other, defect, P2)
Tracking
(firefox55 unaffected, firefox56+ fixed, firefox57 fixed)
RESOLVED
WORKSFORME
Tracking | Status | |
---|---|---|
firefox55 | --- | unaffected |
firefox56 | + | fixed |
firefox57 | --- | fixed |
People
(Reporter: ratm6, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: regression, Whiteboard: [mozfr-community][sb+])
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0 Build ID: 20170628075643 Steps to reproduce: I have Kaspersky Anti-virus 17.0.0.611(f) (same problem with KIS) I've installed 2017-07-18 nightly build then I've updated it to 2017-07-24 nightly build. Actual results: A lot of ffcert.exe windows with "missing profile" errors appeared with this latest build. Then it's impossible to run Nightly. With 2017-07-18 build there is NO problem. Expected results: The latest Nightly build should load correctly. I think Kaspersky is not in fault because I've just tried again to install and run older (2017-07-18) nightly build and all is fine.
Updated•7 years ago
|
Component: Untriaged → Other
Product: Firefox → External Software Affecting Firefox
Version: 56 Branch → unspecified
The bug is in the 2017-07-22 build (I made some tests). This build (win64) : https://archive.mozilla.org/pub/firefox/nightly/2017/07/2017-07-22-07-26-31-mozilla-central/
As far as I know, ffcert.exe seems to auto-install a Kaspersky certificate for Firefox at start-up, if it is not already done.
OS: Unspecified → Windows
Hardware: Unspecified → All
Whiteboard: [mozfr-community]
Comment 3•7 years ago
|
||
(In reply to Julien L. from comment #1) > The bug is in the 2017-07-22 build (I made some tests). > This build (win64) : > https://archive.mozilla.org/pub/firefox/nightly/2017/07/2017-07-22-07-26-31- > mozilla-central/ Did you check all the other builds between 07-18 and 07-22 as well? (i.e. is the 07-22 build the first one with the problem?)
Yes, here is my notes about that : 2017-07-23 bad 2017-07-22 bad 2017-07-21 good 2017-07-20 good 2017-07-19 good 2017-07-18 good So yes, 07-22 build is the first one with the problem.
Comment 5•7 years ago
|
||
Thanks, that means something in this range caused the problem: https://hg.mozilla.org/mozilla-central/pushloghtml?tochange=7ce557b85b611536b69539a7c18d4834ffc92eea&fromchange=0faada5c2f308f101ab7c54a87b3dce80b97d0e3
Comment 6•7 years ago
|
||
I'm going to guess this was caused by bug 1381577, it sounds like the sort of change that might move folders around and cause Kapersky's ffcert.exe to not find the profile. Could be something else though, not sure.
Flags: needinfo?(bugspam.Callek)
Comment 7•7 years ago
|
||
I don't forsee how our code could have caused that. It shouldn't be impacting to nightlies until today, the new nightly code signing cert itself was rotated on the 17th.
Flags: needinfo?(bugspam.Callek)
Comment 8•7 years ago
|
||
[Tracking Requested - why for this release]: Regression which will prevent any Kaspersky user to start firefox. This will also make their computer unusable, unless they force stop it. Thank you for filing this bug, Julien! I narrowed the regression to bug 1366694. On inbound, bed655e34ed939af69706116bbdb1d97b1f87c77 is clean, and 60ef4d9f30239938dc0769cab69c54f3ccbb7d3f is the first to fail[1] STEPS TO REPRODUCE 1. Download the most basic edition of Kaspersky from [2]. You can use the free trial (30 days) 2. Download a windows installer from bed655e34ed939af69706116bbdb1d97b1f87c77[3]. This is important to use the installer and make sure that Nightly is the default browser. Otherwise, Kaspersky won't try to mess up with certificates. This particular point made mozregression useless. 3. Install it. See that firefox boots up correctly. 4. Download the installer of the next push[4] and install it. RESULTS About 20 error windows pop up. They read: > Profile missing > Your Firefox profile cannot be loaded. It may be missing or inaccessible In the process manager, you may see more than 50 firefox.exe running. The whole system is clogged. I had to force shutdown my machine, each time I hit a bad build. [1] https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&filter-job_type_symbol=B&filter-tier=1&filter-platform=win&fromchange=bed655e34ed939af69706116bbdb1d97b1f87c77&tochange=60ef4d9f30239938dc0769cab69c54f3ccbb7d3f [2] https://www.kaspersky.fr/antivirus [3] https://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-inbound-win32/1500529701/firefox-56.0a1.en-US.win32.installer.exe [4] https://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-inbound-win32/1500533480/firefox-56.0a1.en-US.win32.installer.exe
Blocks: 1366694
Status: UNCONFIRMED → NEW
status-firefox55:
--- → unaffected
status-firefox56:
--- → affected
tracking-firefox56:
--- → ?
Ever confirmed: true
Keywords: regression
Comment 9•7 years ago
|
||
Should we tell to Kaspersky about a new way to communicate with the Firefox processes, Bob?
Flags: needinfo?(bobowencode)
Comment 11•7 years ago
|
||
(In reply to Johan Lorenzo [:jlorenzo] from comment #9) > Should we tell to Kaspersky about a new way to communicate with the Firefox > processes, Bob? I don't think we provide any ways for AVs to communicate with us. From comment 2, my guess is that they inject some code into all the firefox.exe processes to do this check and the sandbox is preventing it in the child processes now and Kaspersky's code isn't handling that properly. I'm not really sure why that would cause lots of firefox processes to start. It's not clear to me why they have to do this through injected code, but if they do, couldn't they just do it for the main process and not any child processes.
Flags: needinfo?(bobowencode)
Comment 12•7 years ago
|
||
Do we know how they're injecting to stop it in at least ocntent processes?
Updated•7 years ago
|
Whiteboard: [mozfr-community] → [mozfr-community][sb?]
Comment 14•7 years ago
|
||
I just sent an email to two of our contact there. Waiting to hear back and will update the bug when there is news.
Flags: needinfo?(dchinniah)
Comment 15•7 years ago
|
||
> A lot of ffcert.exe windows with "missing profile" errors appeared with this
> latest build.
FYI, this exe is part of the Kaspersky install, it's not part of Firefox. Any failure in it is entirely the vendor's responsibility.
Comment 16•7 years ago
|
||
Tracy, please test to see if we can repo this in a vm. We might be able to reverse engineer what they're up to.
Flags: needinfo?(twalker)
Comment 17•7 years ago
|
||
We investigate the problem in Kaspersky Lab. Kaspersky products monitor the Fifefox.exe start, and launch ffcert.exe for installing certificate. In new FF build, sandbox process was implemented. As mentioned in comment 12, Kaspersky attempt to install certificate on sandbox process start, but due limited privileges, it is fail. We already fix it in dev version of Kaspersky software, we will install certificate only on main process start. Now we a planning to patch already released Kaspersky products. When you a going to release Firefox with sandbox processes? By the way, Kaspersky have a special email address for any issues, connected on Kaspersky products and browsers compatibility - BrowserIssues@kaspersky.com. Alexey Totmakov Head of Network Technologies Development Kaspersky Lab
Comment 18•7 years ago
|
||
Colleagues, will it be the robust method to determinate sandbox process, if we check parent on equality with firefox.exe? Or it will be better to analyze command line parameters?
Comment 19•7 years ago
|
||
The firefox.exe binary is used for both content and parent process. The XRE_IsContentProcess function returns the information you need.
Updated•7 years ago
|
Flags: needinfo?(twalker)
Comment 20•7 years ago
|
||
(In reply to Alexey Totmakov from comment #18) > Colleagues, > > will it be the robust method to determinate sandbox process, if we check > parent on equality with firefox.exe? > Or it will be better to analyze command line parameters? Command line params would be good, currently avoiding any firefox.exe process with -contentproc on the cammand line would work.
Comment 21•7 years ago
|
||
(In reply to Alexey Totmakov from comment #17) > We investigate the problem in Kaspersky Lab. > Kaspersky products monitor the Fifefox.exe start, and launch ffcert.exe for > installing certificate. In new FF build, sandbox process was implemented. As > mentioned in comment 12, Kaspersky attempt to install certificate on sandbox > process start, but due limited privileges, it is fail. > > We already fix it in dev version of Kaspersky software, we will install > certificate only on main process start. Now we a planning to patch already > released Kaspersky products. > > When you a going to release Firefox with sandbox processes? Planning to roll the current changes out in Firefox 56. https://wiki.mozilla.org/RapidRelease/Calendar > By the way, Kaspersky have a special email address for any issues, connected > on Kaspersky products and browsers compatibility - > BrowserIssues@kaspersky.com. > > Alexey Totmakov > Head of Network Technologies Development > Kaspersky Lab Thanks Alexey. ni to Dees for the email info.
Flags: needinfo?(dchinniah)
Thanks for the info, Alexey and Jim. Adam will reach out so we can setup a better channel for further engineering communication including the catch-all shared BrowserIssues@ email address. Dees
Flags: needinfo?(dchinniah) → needinfo?(astevenson)
Comment 23•7 years ago
|
||
(In reply to Jim Mathies [:jimm] from comment #21) > > When you a going to release Firefox with sandbox processes? > > Planning to roll the current changes out in Firefox 56. > > https://wiki.mozilla.org/RapidRelease/Calendar We are going to release patches for Kaspersky Internet Security 2017 and 2018 till the end of August.
Reporter | ||
Comment 24•7 years ago
|
||
(In reply to Alexey Totmakov from comment #23) > > We are going to release patches for Kaspersky Internet Security 2017 and > 2018 till the end of August. Please do not forget to patch KAV too :) Thanks.
Reporter | ||
Comment 25•7 years ago
|
||
Alexey, will you release a fix for that bug in Patch “C” for KAV/KIS/KTS/KFA 2018 ? That's not obvious to know in your forum web page. Thank you again.
Flags: needinfo?(alexey.totmakov)
Comment 26•7 years ago
|
||
(In reply to Julien L. from comment #24) > Please do not forget to patch KAV too :) > Thanks. Of course, the patch will apply to product line.
Flags: needinfo?(alexey.totmakov)
Comment 27•7 years ago
|
||
(In reply to Julien L. from comment #25) > Alexey, will you release a fix for that bug in Patch “C” for KAV/KIS/KTS/KFA > 2018 ? That's not obvious to know in your forum web page. Thank you again. Correct, patch C.
Updated•7 years ago
|
Flags: needinfo?(astevenson)
Updated•7 years ago
|
Flags: needinfo?(astevenson)
Comment 28•7 years ago
|
||
..waiting on confirmation of the fix.
Updated•7 years ago
|
status-firefox57:
--- → affected
Comment 29•7 years ago
|
||
I'm having this problem with the versions FirefoxDev x64 windows 56.0b1 and 55.0b9, I'm having KIS 17.0.0.611. But with normal Firefox, not problem.
Reporter | ||
Comment 30•7 years ago
|
||
Problem solved with Beta 56.0, Nightly 57.0, KAV 17.0.0.611 and patch G (on my computer of course).
Flags: needinfo?(jmathies)
Comment 31•7 years ago
|
||
(In reply to Julien L. from comment #30) > Problem solved with Beta 56.0, Nightly 57.0, KAV 17.0.0.611 and patch G (on > my computer of course). any idea when this will be released?
Flags: needinfo?(jmathies)
Comment 32•7 years ago
|
||
We published patch G for Kaspersky Internet Security 2017 and patch C for Kaspersky Internet Security 2018. The patches should fix the problem. Please check is it true. Patch for Kaspersky Internet Security 2016 will be available in September.
Comment 33•7 years ago
|
||
Could you provide a more specific date for when the fix will be available?
Flags: needinfo?(alexey.totmakov)
Comment 35•7 years ago
|
||
(In reply to Panos Astithas [:past] (56 Regression Engineering Owner) (please ni?) from comment #33) > Could you provide a more specific date for when the fix will be available? Patch for KIS2016MR1 will be available to the end of September.
Flags: needinfo?(alexey.totmakov)
Comment 36•7 years ago
|
||
Firefox 56 release date will be Sept. 26. I think that is close enough that we don't need to block the 2016 version.
Comment 37•7 years ago
|
||
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #36) > Firefox 56 release date will be Sept. 26. I think that is close enough that > we don't need to block the 2016 version. Agree, we are going to fully publish to September 20.
Updated•7 years ago
|
Flags: needinfo?(lhenry)
Updated•7 years ago
|
Flags: needinfo?(astevenson)
Comment 38•7 years ago
|
||
We published patch I for Kaspersky Internet Security 2016MR1. From now, all Kaspersky supported products compatible with Firefox 56 sandbox process.
Comment 39•7 years ago
|
||
Andrei can you verify that this is now fixed?
Flags: needinfo?(andrei.vaida)
Updated•7 years ago
|
relnote-firefox:
--- → ?
Comment 40•7 years ago
|
||
We haven't seen any duplicate reports here, and some possibly related crashes correlated with Kaspersky were fixed in bug 1268470. I'm not sure this is worth a release note yet, though we can revisit that if it becomes a problem after the 64-bit migration (after 56 release). So, keeping this bug tracked for 56 till we have more information.
Comment 41•7 years ago
|
||
I can confirm this issue is no longer reproducible. I verified using Fx 56.0-build 6 (build ID: 20170926190823), Fx 57.0b3 (build ID: 20170925150345) and Fx 58.0a1 ( build ID: 20170927100120) on Windows 10 x64.
Flags: needinfo?(andrei.vaida)
Updated•7 years ago
|
Priority: -- → P2
Whiteboard: [mozfr-community][sb?] → [mozfr-community][sb+]
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
Updated•7 years ago
|
Blocks: injecteject
Updated•7 years ago
|
I am assuming relnote'ing this is not needed anymore. Liz, please correct me if I am wrong.
relnote-firefox:
? → ---
Flags: needinfo?(lhenry)
Comment 43•7 years ago
|
||
I believe the fix shipped before most folks updated, all good here and no relnote needed.
Flags: needinfo?(lhenry)
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•