Introduce a button to temporarily block an injected module in about:third-party
Categories
(Firefox :: Launcher Process, enhancement)
Tracking
()
People
(Reporter: toshi, Assigned: gstoll)
References
(Depends on 2 open bugs)
Details
Attachments
(15 files, 9 obsolete files)
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
383.96 KB,
image/png
|
Details | |
626.88 KB,
image/png
|
Details | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
Details | Review |
The current about:third-party page displays read-only contents only. Our next step is to introduce a button on the page so that users can block unwanted modules on their own.
Comment hidden (off-topic) |
Comment 2•2 years ago
|
||
Sorry, there was a problem with the detection of inactive users. I'm reverting the change.
Comment 3•2 years ago
|
||
Comment 4•2 years ago
|
||
- AddString should check .Length instead of .MaximumLength
- SharedSection::Init does not have to take PEHeaders
- Improve the boundary check in SharedSection::AddDependentModule
- Use MOZ_LITERAL_UNICODE_STRING in Kernel32ExportsSolver::ResolveInternal
- Use SharedSection::ConvertToReadOnly in TestCrossProcessWin
- Use SharedSection::Reset to close the handle in TestCrossProcessWin
- Typo: s/AddDepenentModule/AddDependentModule/
- TestCrossProcessWin should compare leaf names
Depends on D159202
Comment 5•2 years ago
|
||
Depends on D159203
Comment 6•2 years ago
|
||
Depends on D159204
Comment 7•2 years ago
|
||
Depends on D159205
Comment 8•2 years ago
|
||
Depends on D159206
Comment 9•2 years ago
|
||
Depends on D159207
Comment 10•2 years ago
|
||
Depends on D159208
Comment 11•2 years ago
|
||
Depends on D159209
Comment 12•2 years ago
|
||
I've posted Toshi's patch set for this work from try revision 570165fbc6ef so we're less likely to lose the patches. These were from March, 2022.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 13•2 years ago
|
||
Assignee | ||
Comment 14•2 years ago
|
||
- AddString should check .Length instead of .MaximumLength
- SharedSection::Init does not have to take PEHeaders
- Improve the boundary check in SharedSection::AddDependentModule
- Use MOZ_LITERAL_UNICODE_STRING in Kernel32ExportsSolver::ResolveInternal
- Use SharedSection::ConvertToReadOnly in TestCrossProcessWin
- Use SharedSection::Reset to close the handle in TestCrossProcessWin
- Typo: s/AddDepenentModule/AddDependentModule/
- TestCrossProcessWin should compare leaf names
Depends on D164483
Assignee | ||
Comment 15•2 years ago
|
||
Depends on D164484
Assignee | ||
Comment 16•2 years ago
|
||
Depends on D164485
Assignee | ||
Comment 17•2 years ago
|
||
Depends on D164486
Assignee | ||
Comment 18•2 years ago
|
||
Depends on D164487
Assignee | ||
Comment 19•2 years ago
|
||
Depends on D164488
Assignee | ||
Comment 20•2 years ago
|
||
Depends on D164489
Assignee | ||
Comment 21•2 years ago
|
||
Depends on D164490
Assignee | ||
Comment 22•2 years ago
|
||
This pulls in the existing wiki page about the blocklist from https://wiki.mozilla.org/Blocklisting/DLL and adds some technical details and information about the new dynamic blocklist.
Depends on D164491
Assignee | ||
Comment 23•2 years ago
|
||
about:third-party with new "block" buttons, but nothing blocked
Assignee | ||
Comment 24•2 years ago
|
||
about:third-party after choosing to block TortoiseOverlays.dll
Assignee | ||
Comment 25•2 years ago
|
||
Two of the three DLLs that Avast injects into Firefox were not properly being blocked when on the dynamic blocklist because they were being loaded before kernel32.dll, and SharedSection::Layout::Resolve() would fail. For the dynamic blocklist part of things we don't actually need the kernel32 exports, so this change moves them to the end of Resolve() and adds an intermediate state where the dynamic blocklist entries have been loaded but not the kernel32 exports. Now all three DLLs can be blocked correctly when on the dynamic blocklist.
Depends on D164492
Comment 26•2 years ago
|
||
Comment 27•2 years ago
|
||
Backed out for causing multiple failures and build bustages.
-
Failure line: TEST-UNEXPECTED-FAIL | dom/canvas/test/webgl-conf/generated/test_2_conformance2__textures__misc__tex-3d-size-limit.html | application terminated with exit code 1 | after SUMMARY: AddressSanitizer: access-violation /builds/worker/checkouts/gecko/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp:455 in mozilla::GetPrespawnCigExceptionModules::<lambda_3>::operator()
-
It also failed on this.
-
Failure line: TEST-UNEXPECTED-FAIL | telemetry/marionette/tests/client/test_shutdown_pings_succeed.py TestShutdownPingsSucced.test_shutdown_pings_succeed_pingsender2 | AssertionError: {'event': b'2.0', 'first-shutdown': b'2.0', 'main': b'', 'new-profile': b'2.0'} != {'first-shutdown': b'', 'main': b'', 'event': b'', 'new-profile': b''}
-
It caused build bustages too --> https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&resultStatus=testfailed%2Cbusted%2Cexception&fromchange=ab4dceb3ca5172cfe87aa7570339e1e51ec1412e&tochange=81e46b9ec13718e779669e1939817b743d5399c3&selectedTaskRun=YFn4HvgNT_ezyntUdz8WQw.0 and --> https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&resultStatus=testfailed%2Cbusted%2Cexception&fromchange=ab4dceb3ca5172cfe87aa7570339e1e51ec1412e&tochange=81e46b9ec13718e779669e1939817b743d5399c3&selectedTaskRun=aTDWJhTYQxKG4wmyqTvgBQ.0
Comment 28•2 years ago
|
||
- It also caused xpcshell failures --> https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&resultStatus=success%2Ctestfailed%2Cbusted%2Cexception&searchStr=windows%2C10%2Cx64%2C2004%2Cwebrender%2Copt%2Cxpcshell%2Ctests%2Cwith%2Cnetworking%2Con%2Csocket%2Cprocess%2Ctest-windows10-64-2004-qr%2Fopt-xpcshell-spi-nw%2Cx3&fromchange=ab4dceb3ca5172cfe87aa7570339e1e51ec1412e&tochange=81e46b9ec13718e779669e1939817b743d5399c3&selectedTaskRun=MKcUt9mpRK2IvP6hzrIhww.0.
- Failure Log
- Failure line: TEST-UNEXPECTED-FAIL | toolkit/components/backgroundtasks/tests/xpcshell/test_backgroundtask_unique_profile.js | xpcshell return code: 0
Updated•2 years ago
|
Updated•2 years ago
|
Assignee | ||
Comment 29•2 years ago
|
||
- In sandboxBroker.cpp Be more careful about checking whether GetDependentModules() is returning an empty span to avoid ASAN problems
- In TestCrossProcessWin.cpp, make UniquePtr live as long as the Span that wraps it
- In LauncherRegistryInfo, mingw doesn't allow using
constexpr
with expressions containing '|', so just make flagsconst
instead.
Depends on D164738
Comment 30•2 years ago
|
||
Comment 32•2 years ago
|
||
Backed out for causing MinGW build bustages.
Backout link: https://hg.mozilla.org/integration/autoland/rev/2970d380a628ca203cd63797601f5945dd189a17
Failure log: https://treeherder.mozilla.org/logviewer?job_id=400843008&repo=autoland&lineNumber=98226
Assignee | ||
Comment 33•2 years ago
|
||
The comment mostly explains it. I don't understand why this only happens on PGO builds, but it's 100% reproducible on try builds and the fix seems reasonable enough.
Depends on D165561
Comment 34•2 years ago
|
||
Assignee | ||
Comment 35•2 years ago
|
||
landed changes (again :-) ) that should fix these
Comment 36•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/5105bbfbd67d
https://hg.mozilla.org/mozilla-central/rev/3ea314484db7
https://hg.mozilla.org/mozilla-central/rev/f0e4294e5bc2
https://hg.mozilla.org/mozilla-central/rev/7616ecd9e3f6
https://hg.mozilla.org/mozilla-central/rev/1685365fd68d
https://hg.mozilla.org/mozilla-central/rev/f2d8658ce1b1
https://hg.mozilla.org/mozilla-central/rev/9a2bcd63febe
https://hg.mozilla.org/mozilla-central/rev/59635f1ed0bd
https://hg.mozilla.org/mozilla-central/rev/bf477ea61809
https://hg.mozilla.org/mozilla-central/rev/5bc146059945
https://hg.mozilla.org/mozilla-central/rev/17351698e3e7
https://hg.mozilla.org/mozilla-central/rev/0524114dbd0e
https://hg.mozilla.org/mozilla-central/rev/c3b81880d219
Comment 37•2 years ago
|
||
Greg, is that something that needs a mention in our release notes for 110? Thanks
Assignee | ||
Comment 38•2 years ago
|
||
I think it would be nice to mention in the release notes - :haik, do you agree?
Comment 39•2 years ago
|
||
(In reply to Greg Stoll from comment #38)
I think it would be nice to mention in the release notes - :haik, do you agree?
Yep, definitely.
Assignee | ||
Comment 40•2 years ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]: Allows users to block third-party modules that inject themselves into the Firefox process.
[Affects Firefox for Android]: No
[Suggested wording]: On Windows, third-party modules can now be blocked from injecting themselves into Firefox, which can be helpful if they are causing crashes or other undesirable behavior. See this page for more information. (with link to the SUMO page below)
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/identify-problems-third-party-modules-firefox-windows (this page has not been updated yet)
Comment 41•2 years ago
|
||
Note added to our nightly and beta 110 release notes (without the link until the content is updated).
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Updated•7 months ago
|
Description
•