Closed Bug 1428603 Opened 8 years ago Closed 8 years ago

Crash in SSL_SetNextProtoNego | rlls64.dll@0x72bf5

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
Unspecified
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1429426

People

(Reporter: jseward, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-dae5f527-152b-4f59-8f05-90e7b0180105. ============================================================= Top 10 frames of crashing thread: 0 @0x2 1 nss3.dll SSL_SetNextProtoNego security/nss/lib/ssl/sslsock.c:1987 2 rlls64.dll rlls64.dll@0x72bf5 3 xul.dll nsNSSSocketInfo::SetNPNList security/manager/ssl/nsNSSIOLayer.cpp:615 4 xul.dll mozilla::net::nsHttpConnection::SetupNPNList netwerk/protocol/http/nsHttpConnection.cpp:811 5 xul.dll mozilla::net::nsHttpConnection::InitSSLParams netwerk/protocol/http/nsHttpConnection.cpp:940 6 xul.dll mozilla::net::nsHttpConnection::SetupSSL netwerk/protocol/http/nsHttpConnection.cpp:769 7 xul.dll mozilla::net::nsHttpConnection::IsAlive netwerk/protocol/http/nsHttpConnection.cpp:1056 8 xul.dll mozilla::net::nsHttpConnection::CanReuse netwerk/protocol/http/nsHttpConnection.cpp:996 9 xul.dll mozilla::net::nsHttpConnectionMgr::OnMsgReclaimConnection netwerk/protocol/http/nsHttpConnectionMgr.cpp:2765 ============================================================= This is topcrash #17 in the Windows nightly 20180104220114. It's a single instance (installation) crash. The cause for concern here is that it appears something (rlls64.dll rlls64.dll@0x72bf5, see frame 2) has inserted itself in the call chain between nsNSSSocketInfo::SetNPNList and SetNextProtoNego, which seems ungood. The same thing happened in topcrash #15 of the same build, except that the alien frame is from pmls64.dll@0x72bf5. Otherwise looks identical. This is not the same installation as for topcrash #17.
Flags: needinfo?(fbraun)
I'm not sure what you're asking of me, Julian. Is this a suggestion to block list the URL? If so, we should move this bug into Toolkit: Blocklisting. FWIW, according to a cursory web search, both filenames are known adware that is commonly removed from AntiVirus. rlls64.dl might be the Ask Toolbar. I'm CCing Dan Veditz to help find out if we need to talk to vendors before blocking and what the process is, generally as I' m usually not involved.
Flags: needinfo?(fbraun)
It looks as if this is the same crash that Dragana just addressed in Bug 1429426.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.