Crash in guard64.dll@0x49bb (Comodo Internet Security DLL)
Categories
(External Software Affecting Firefox :: Other, defect, P3)
Tracking
(relnote-firefox 56+, firefox-esr52 wontfix, firefox56 wontfix, firefox57+ wontfix, firefox58 wontfix, firefox61 wontfix, firefox62 wontfix, firefox79 fixed)
People
(Reporter: cpeterson, Assigned: toshi, NeedInfo)
References
Details
(Keywords: crash, regression, Whiteboard: [AV:Comodo Internet Security])
Crash Data
Attachments
(2 files)
This bug was filed from the Socorro interface and is report bp-92d15a71-7003-42a1-b20e-c8ee60171011. ============================================================= There were about 60+ crash reports with this Comodo DLL signature over the last week. Another Comodo guard64.dll crash, bug 1274630, was fixed by Comodo last year.
Reporter | ||
Comment 1•7 years ago
|
||
[Tracking Requested - why for this release]: @ Robin, what is the current version of Comodo internet security software for Firefox? We see a few dozen crash reports from 64-bit Firefox users on Win64. Nearly all of these crashes have facebook.com URLs and the following guard64.dll versions: 8.2.0.4703 8.4.0.5068 10.0.1.6258 We will probably see more of these crash reports soon because we have started migrating 32-bit Firefox users to 64-bit.
Comment 2•7 years ago
|
||
Hi Chris, adding Sergey Kazakov who I think can provide the information you require. Regards Robin Alden Comodo CA Ltd.
Tracked for 57. If the crash volume doesn't increase with a broader 56 rollout, we may wontfix for 57.
8.2.04703 is a very old comodo release, is there any crash report from 10.x? Regards Haibo
Reporter | ||
Comment 5•7 years ago
|
||
(In reply to Haibo from comment #4) > 8.2.04703 is a very old comodo release, is there any crash report from 10.x? I don't see any crash reports with guard64.dll version 10.x. Nearly all of them are from 8.2.x and 8.4.x. Can users with 8.2 and 8.4 update to 10.x? Or does 10.x drop support for some Windows versions or require users to purchase a new license?
(In reply to Chris Peterson [:cpeterson] from comment #5) > (In reply to Haibo from comment #4) > > 8.2.04703 is a very old comodo release, is there any crash report from 10.x? > > I don't see any crash reports with guard64.dll version 10.x. Nearly all of > them are from 8.2.x and 8.4.x. > > Can users with 8.2 and 8.4 update to 10.x? Or does 10.x drop support for > some Windows versions or require users to purchase a new license? CIS 8 users can update to CIS 10, no additional license required.
Reporter | ||
Comment 7•7 years ago
|
||
(In reply to Haibo from comment #6) > CIS 8 users can update to CIS 10, no additional license required. Thanks. I will ask affected users to update to the latest version of CIS. I wonder whether we should block the old DLL versions like 8.2.0.4703 and 8.4.0.5068. About 50% of the crashes had an uptime of 15 or more minutes, so it's not a fatal startup crash for most users. I also see some guard32.dll crashes from 32-bit Firefox.
Comment 8•7 years ago
|
||
In bug 1274630, philipp tested that blocklisting didn't work for Comodo. It would be worth retesting now that bug 1322554 landed.
Comment 9•7 years ago
|
||
Added to the release notes with "Some third party software (Comodo Internet Security, Kaspersky, Quick Heal Antivirus) are known to cause issues with Firefox 64-bit. These vendors have published new releases which addresses the issues." as wording
Comment 10•7 years ago
|
||
(In reply to Marco Castelluccio [:marco] from comment #8) > In bug 1274630, philipp tested that blocklisting didn't work for Comodo. It > would be worth retesting now that bug 1322554 landed. i retested it, but still wasn't successful in getting guard32.dll out of the process through blocklisting unfortunately
Comment 11•7 years ago
|
||
I think, given that blocklisting doesn't work, we won't be able to fix this for 57.
![]() |
||
Updated•7 years ago
|
Comment 12•7 years ago
|
||
Here are the versions of guard64.dll for crash reports over the past 2 weeks that have the dll in the signature: [(u'8.2.0.4703', 517), (u'8.2.0.5027', 137), (u'8.2.0.4978', 130), (u'1.1.20283.43', 92), (u'8.2.0.5005', 70), (u'8.2.0.4591', 58), (u'8.4.0.5068', 56), (u'8.2.0.4508', 52), (u'1.2.28809.92', 44), (u'1.1.11545.40', 41), (u'10.0.1.6294', 40), (u'1.2.31435.94', 31), (u'8.2.0.4674', 28), (u'8.2.0.4993', 26), (u'1.1.7388.29', 20), (u'1.1.20635.97', 15), (u'8.2.0.4710', 15), (u'10.0.1.6223', 14), (u'10.0.1.6258', 11), (u'5.10.31649.2253', 10), (u'1.2.26400.81', 9), (u'1.13.35980.569', 7), (u'1.1.12544.79', 6), (u'1.1.28441.99', 6), (u'1.2.28285.88', 5), (u'8.4.0.5165', 5), (u'8.1.0.4463', 4), (u'8.2.0.4664', 4), (u'8.0.4192.4705', 3), (u'5.8.15089.2124', 3), (u'10.0.0.6092', 3), (u'8.2.0.4851', 2), (u'8.2.0.4474', 2), (u'5.9.23139.2195', 2), (u'8.1.0.4712', 1), (u'8.3.0.5035', 1), (u'10.0.1.6233', 1), (u'10.0.1.6246', 1), (u'5.12.59641.2599', 1), (u'8.3.0.4997', 1), (u'1.13.31591.562', 1), (u'1.1.11546.41', 1), (u'5.5.64714.1382', 1), (u'6.3.32439.2937', 1), (u'10.0.1.6209', 1), (u'1.12.28414.537', 1), (u'1.1.4212.24', 1)]
Updated•6 years ago
|
Comment 13•5 years ago
|
||
Closing because no crashes reported for 12 weeks.
Updated•5 years ago
|
Assignee | ||
Comment 14•4 years ago
|
||
We've blocked guard64.dll version < 5.12.59641.2599 as bug 1624336. The module's version in the crash instances with this signature is mainly 8.2.x.x and 8.4.x.x. The current version of guard64.dll available on https://personalfirewall.comodo.com/ is v12.2.2.7032, so the versions causing this issue are still old. I noticed the latest version cannot be installed on Win7, meaning Win7 users cannot upgrade Comodo unless they upgrade OS to Win10.
The crash reason of this signature is EXCEPTION_STACK_BUFFER_OVERRUN
. Analyzing a couple of the dumps, I can see the stack area is almost filled with a long (~32kb) string that looks representing a url string. The crashing thread went inside guard64.dll's code via xul!mozilla::net::nsHttpConnection::OnReadSegment
. I guess the root cause is guard64.dll's function (probably hooking nss3!PR_Write
) cannot handle a very long string.
Assignee | ||
Comment 15•4 years ago
|
||
Assignee | ||
Comment 16•4 years ago
|
||
Updated•4 years ago
|
Comment 17•4 years ago
|
||
Pushed by dluca@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/5daace778259 Block more versions of guard64.dll of Comodo Firewall. r=gcp
Comment 18•4 years ago
|
||
bugherder |
Description
•