Closed
Bug 1395073
Opened 7 years ago
Closed 6 years ago
Crash in mozilla::a11y::DocAccessibleWrap::QueryInterface with Sandboxie (SbieDll.dll)
Categories
(Core :: Disability Access APIs, defect, P2)
RESOLVED
WONTFIX
People
(Reporter: kanru, Assigned: eeejay)
Details
(Keywords: crash, csectype-wildptr, sec-high)
Crash Data
This bug was filed from the Socorro interface and is report bp-41654307-d4ca-48ca-830c-e07ae0170830.
=============================================================
A low volume crash that started on 20170818100226 build.
Comment 1•7 years ago
This sounds like it could be a regression from recent E10S landings by Aaron. Putting this onto our list for triage.
Whiteboard: aes+
Comment 2•7 years ago
Current correlations show:
(100.0% in signature vs 00.10% overall) Module "SbieDll.dll" = true
Which is apparently for sandboxie.
Comment 5•7 years ago
Crashes aren't all nullptrs; it's hitting some real addresses, and also some 0xNN00000 type addresses.
Group: core-security
Keywords: csectype-wildptr, sec-high
Updated•7 years ago
Group: core-security → layout-core-security
Comment 7•7 years ago
Eitan, can you see if you can recreate this in a VM by installing Sandboxie and testing with FF? We may need to block SbieDll.dll, but we'll want to test what happens in that case too. Additionally, I want to know if Sandboxie is uncovering a bug we should fix on our side.
Flags: needinfo?(dbolter) → needinfo?(eitan)
Comment 8•7 years ago
Playing with Sandboxie now. I don't see any obvious case where it instantiates a11y. Tried all kinds of options. I'll play with it more tomorrow.
Comment 9•7 years ago
Volume increasing now that we've released 57. Almost all of the crashes are EXCEPTION_ACCESS_VIOLATION_WRITE which is concerning.
Assignee: nobody → eitan
Comment 10•6 years ago
Eitan, you said you'd play some more. Did you forget to play or forget to update the bug? :)
Comment 11•6 years ago
I can't get a11y to instantiate, let alone a crash. I'm afraid I'm out of my depth in this one.
Flags: needinfo?(eitan)
Comment 12•6 years ago
Maybe putting SbieDll.dll in our block list would help?
Comment 13•6 years ago
One comment, translated from German:
"Seems to be a problem within - Sandboxie 5.22 64-bit. Firefox outside Sandboxie works normally. Tab crashes immediately after program call. Repeated Sandbox deleted, Sandboxie restarted. No change."
For the same sig, I see some client detection for rf-chrome-nm-host.exe|8.4.6.6
The Correlations tab doesn't seem to be working right now...?
Comment 14•6 years ago
I suppose we could blacklist the Sandboxie DLLs to increase stability. But then people using Firefox with Sandboxie will feel their user intent is … overridden by Firefox, which might be a new, different cause of frustration. I'd suggest creating an article (SUMO?) if we did so and explain why people can't use Firefox with Sandboxie and that we already have our own sandbox anyway.
On another note, it seems this is not really sec-high, if users need to run Firefox in an unsupported setup. Injecting a DLL is quite a heavy-weight change - especially in contrast to config / pref changes we see more often.
Comment 15•6 years ago
The usage of sandboxie might not be entirely for security reasons, but to have some kind of "Portable Install", in which case they don't necessarily care we have our own sandbox.
Comment 16•6 years ago
My take - we don't support this configuration, and we're not going to do anything to help here. I'd suggest wontfixing this and opening it up so users of this sandboxie thing can find this bug.
Comment 17•6 years ago
(In reply to Jim Mathies [:jimm] from comment #16)
> My take - we don't support this configuration, and we're not going to do
> anything to help here. I'd suggest wontfixing this and opening it up so
> users of this sandboxie thing can find this bug.
I'm leaning to disagree. Dan?
Flags: needinfo?(dveditz)
Comment 18•6 years ago
Ugh. I meant to say I'm leaning to *agree*. I think we can wontfix this.
Updated•6 years ago
Group: layout-core-security
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → WONTFIX
Summary: Crash in mozilla::a11y::DocAccessibleWrap::QueryInterface → Crash in mozilla::a11y::DocAccessibleWrap::QueryInterface with Sandboxie (SbieDll.dll)