Crash in [@ LdrpMapAndSnapDependency] | WebRoot AV
Categories
(External Software Affecting Firefox :: Other, defect)
Tracking
(firefox89 fixed)
Tracking | Status | |
---|---|---|
firefox89 | --- | fixed |
People
(Reporter: gsvelto, Assigned: toshi)
References
Details
(Keywords: crash)
Crash Data
Attachments
(2 files)
Crash report: https://crash-stats.mozilla.org/report/index/ff7e6c4b-a0c1-48da-92cb-0942b0210320
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 9 frames of crashing thread:
0 @0x56b0000
1 ntdll.dll LdrpMapAndSnapDependency
2 ntdll.dll LdrpMapDllWithSectionHandle
3 ntdll.dll LdrpMapDllNtFileName
4 ntdll.dll LdrpMapDllFullPath
5 ntdll.dll LdrpProcessWork
6 ntdll.dll LdrpLoadDllInternal
7 ntdll.dll LdrLoadDll
8 firefox.exe mozilla::freestanding::patched_LdrLoadDll browser/app/winlauncher/freestanding/DllBlocklist.cpp:356
Filing this under networking because the crashes appear to be happening in the socket thread but I'm unsure if the problem is actually related to networking. All the crashes are happening on 32-bit Windows 10. By inspecting the minidumps it appears that we were attempting to load kernel.appcore.dll.
One thing to note about this crash is that it is apparently only happening on nightly but that's because it's a socket process crash: on non-nightly builds the crash report will be written out but the user will not be informed and the crash will not be submitted unless he/she deliberately goes into about:crashes and manually submits it.
The environment data shows:
"sec": {
-"antivirus": [
"Webroot SecureAnywhere"
],
"antispyware": null,
-"firewall": [
"Windows Firewall"
]
}
The correlations say:
(100.0% in signature vs 00.28% overall) Module "WRFCSUser.x86.dll" = true
(100.0% in signature vs 00.28% overall) Module "WRDll.x86.dll" = true
(100.0% in signature vs 01.62% overall) Module "wow64cpu.dll" = true
These DLLs are associated with the webroot AV solution.
Assignee | ||
Comment 2•3 years ago
|
||
I installed a trial version of SecureAnywhere Internet Security Complete (https://www.webroot.com/us/en/home/products/trials/complete), but it didn't have WRDll.[x86|x64].dll. It injected wrusr.dll to firefox.exe instead.
Assignee | ||
Comment 4•3 years ago
|
||
Upon analyzing our telemetry, the version of WRDll.[x86|x64].dll in the crash reports in the last 3 months is 1.1.0.226 or 1.1.0.227, while the loading events in the last 7 days contain only v1.2.1.24. It seems this crash is caused by older versions of WebRoot. So we may be able to block the module safely.
Updated•3 years ago
|
Assignee | ||
Comment 5•3 years ago
|
||
Assignee | ||
Comment 6•3 years ago
|
||
Updated•3 years ago
|
Pushed by tkikuchi@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/888c08402b23 Block Webroot SecureAnywhere's module. r=gcp
Comment 8•3 years ago
|
||
bugherder |
Description
•