Closed Bug 1407712 Opened 7 years ago Closed 4 years ago

Crash in guard64.dll@0x49bb (Comodo Internet Security DLL)

Categories

(External Software Affecting Firefox :: Other, defect, P3)

Product:
External Software Affecting Firefox
Component:
Other
Platform:
x86_64
Windows
Type:
defect

Tracking

(relnote-firefox 56+, firefox-esr52 wontfix, firefox56 wontfix, firefox57+ wontfix, firefox58 wontfix, firefox61 wontfix, firefox62 wontfix, firefox79 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
relnote-firefox --- 56+
firefox-esr52 --- wontfix
firefox56 --- wontfix
firefox57 + wontfix
firefox58 --- wontfix
firefox61 --- wontfix
firefox62 --- wontfix
firefox79 --- fixed

People

(Reporter: cpeterson, Assigned: toshi, NeedInfo)

References

Details

(Keywords: crash, regression, Whiteboard: [AV:Comodo Internet Security])

Crash Data

Attachments

(2 files)

bug1407712-request-to-block-guard64.txt
1.24 KB, text/plain
Details
Bug 1407712 - Block more versions of guard64.dll of Comodo Firewall. r=gcp
47 bytes, text/x-phabricator-request
Details | Review 
This bug was filed from the Socorro interface and is 
report bp-92d15a71-7003-42a1-b20e-c8ee60171011.
=============================================================

There were about 60+ crash reports with this Comodo DLL signature over the last week.

Another Comodo guard64.dll crash, bug 1274630, was fixed by Comodo last year.
[Tracking Requested - why for this release]:

@ Robin, what is the current version of Comodo internet security software for Firefox?

We see a few dozen crash reports from 64-bit Firefox users on Win64. Nearly all of these crashes have facebook.com URLs and the following guard64.dll versions:

8.2.0.4703
8.4.0.5068
10.0.1.6258

We will probably see more of these crash reports soon because we have started migrating 32-bit Firefox users to 64-bit.
tracking-firefox57: --- → ?
Flags: needinfo?(robin)
Hi Chris, adding Sergey Kazakov who I think can provide the information you require.

Regards
Robin Alden
Comodo CA Ltd.
Flags: needinfo?(robin) → needinfo?(sergey.kazakov)
Tracked for 57. If the crash volume doesn't increase with a broader 56 rollout, we may wontfix for 57.
tracking-firefox57: ?+
8.2.04703 is a very old comodo release, is there any crash report from 10.x?
Regards
Haibo
(In reply to Haibo from comment #4)
> 8.2.04703 is a very old comodo release, is there any crash report from 10.x?

I don't see any crash reports with guard64.dll version 10.x. Nearly all of them are from 8.2.x and 8.4.x.

Can users with 8.2 and 8.4 update to 10.x? Or does 10.x drop support for some Windows versions or require users to purchase a new license?
Crash Signature: [@ guard64.dll@0x49bb] → [@ guard64.dll@0x48fb] [@ guard64.dll@0x49bb]
See Also: → 1367726
(In reply to Chris Peterson [:cpeterson] from comment #5)
> (In reply to Haibo from comment #4)
> > 8.2.04703 is a very old comodo release, is there any crash report from 10.x?
> 
> I don't see any crash reports with guard64.dll version 10.x. Nearly all of
> them are from 8.2.x and 8.4.x.
> 
> Can users with 8.2 and 8.4 update to 10.x? Or does 10.x drop support for
> some Windows versions or require users to purchase a new license?

CIS 8 users can update to CIS 10, no additional license required.
(In reply to Haibo from comment #6)
> CIS 8 users can update to CIS 10, no additional license required.

Thanks. I will ask affected users to update to the latest version of CIS.

I wonder whether we should block the old DLL versions like 8.2.0.4703 and 8.4.0.5068. About 50% of the crashes had an uptime of 15 or more minutes, so it's not a fatal startup crash for most users.

I also see some guard32.dll crashes from 32-bit Firefox.
status-firefox-esr52: ?affected
In bug 1274630, philipp tested that blocklisting didn't work for Comodo. It would be worth retesting now that bug 1322554 landed.
Flags: needinfo?(madperson)
Added to the release notes with
"Some third party software (Comodo Internet Security, Kaspersky, Quick Heal Antivirus) are known to cause issues with Firefox 64-bit. These vendors have published new releases which addresses the issues."
as wording
relnote-firefox: --- → 56+
(In reply to Marco Castelluccio [:marco] from comment #8)
> In bug 1274630, philipp tested that blocklisting didn't work for Comodo. It
> would be worth retesting now that bug 1322554 landed.

i retested it, but still wasn't successful in getting guard32.dll out of the process through blocklisting unfortunately
Flags: needinfo?(madperson)
I think, given that blocklisting doesn't work, we won't be able to fix this for 57.
status-firefox56: affectedwontfix
status-firefox57: affectedwontfix
status-firefox-esr52: affectedwontfix
Whiteboard: [AV:Comodo Internet Security]
Here are the versions of guard64.dll for crash reports over the past 2 weeks that have the dll in the signature:
[(u'8.2.0.4703', 517),
 (u'8.2.0.5027', 137),
 (u'8.2.0.4978', 130),
 (u'1.1.20283.43', 92),
 (u'8.2.0.5005', 70),
 (u'8.2.0.4591', 58),
 (u'8.4.0.5068', 56),
 (u'8.2.0.4508', 52),
 (u'1.2.28809.92', 44),
 (u'1.1.11545.40', 41),
 (u'10.0.1.6294', 40),
 (u'1.2.31435.94', 31),
 (u'8.2.0.4674', 28),
 (u'8.2.0.4993', 26),
 (u'1.1.7388.29', 20),
 (u'1.1.20635.97', 15),
 (u'8.2.0.4710', 15),
 (u'10.0.1.6223', 14),
 (u'10.0.1.6258', 11),
 (u'5.10.31649.2253', 10),
 (u'1.2.26400.81', 9),
 (u'1.13.35980.569', 7),
 (u'1.1.12544.79', 6),
 (u'1.1.28441.99', 6),
 (u'1.2.28285.88', 5),
 (u'8.4.0.5165', 5),
 (u'8.1.0.4463', 4),
 (u'8.2.0.4664', 4),
 (u'8.0.4192.4705', 3),
 (u'5.8.15089.2124', 3),
 (u'10.0.0.6092', 3),
 (u'8.2.0.4851', 2),
 (u'8.2.0.4474', 2),
 (u'5.9.23139.2195', 2),
 (u'8.1.0.4712', 1),
 (u'8.3.0.5035', 1),
 (u'10.0.1.6233', 1),
 (u'10.0.1.6246', 1),
 (u'5.12.59641.2599', 1),
 (u'8.3.0.4997', 1),
 (u'1.13.31591.562', 1),
 (u'1.1.11546.41', 1),
 (u'5.5.64714.1382', 1),
 (u'6.3.32439.2937', 1),
 (u'10.0.1.6209', 1),
 (u'1.12.28414.537', 1),
 (u'1.1.4212.24', 1)]

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → REOPENED
Crash Signature: [@ guard64.dll@0x48fb] [@ guard64.dll@0x49bb] → [@ guard64.dll@0x48fb] [@ guard64.dll@0x49bb] [@ guard64.dll]
Resolution: WORKSFORME → ---
See Also: → 1624336

We've blocked guard64.dll version < 5.12.59641.2599 as bug 1624336. The module's version in the crash instances with this signature is mainly 8.2.x.x and 8.4.x.x. The current version of guard64.dll available on https://personalfirewall.comodo.com/ is v12.2.2.7032, so the versions causing this issue are still old. I noticed the latest version cannot be installed on Win7, meaning Win7 users cannot upgrade Comodo unless they upgrade OS to Win10.

The crash reason of this signature is EXCEPTION_STACK_BUFFER_OVERRUN. Analyzing a couple of the dumps, I can see the stack area is almost filled with a long (~32kb) string that looks representing a url string. The crashing thread went inside guard64.dll's code via xul!mozilla::net::nsHttpConnection::OnReadSegment. I guess the root cause is guard64.dll's function (probably hooking nss3!PR_Write) cannot handle a very long string.

Assignee: nobody → tkikuchi
Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5daace778259
Block more versions of guard64.dll of Comodo Firewall. r=gcp

https://hg.mozilla.org/mozilla-central/rev/5daace778259

Status: REOPENED → RESOLVED
Closed: 5 years ago4 years ago
status-firefox79: --- → fixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: