1757487 - Enable the LoadLibrary injection protection unconditionally

Status: RESOLVED FIXED

(Core :: DLL Services, defect)

Description

[Toshihito Kikuchi [:toshi]]

In bug 1481454, we expanded the LoadLibrary injection protection from nightly to early beta in v98 and v99. Since we haven't heard any compatibility issues related to this change from v98 early beta versions, it's time to enable this unconditionally.

Comment 1

[Toshihito Kikuchi [:toshi]]

Attachment: Bug 1757487 - Enable the LoadLibrary injection protection unconditionally. r=mhowell

Since no compat issues have been reported since we landed it in v98 beta,
it's time to remove the early-beta limitation.
The patch backs out 8ca70e015f3b863f9df6049d7b7d97123dafa640.

Comment 2

[Pulsebot]

Pushed by tkikuchi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e76373d064bc
Enable the LoadLibrary injection protection unconditionally.  r=mhowell

Comment 3

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/e76373d064bc

Comment 4

[Donal Meehan [:dmeehan]]

Backed out of release for causing bug 1762576
https://hg.mozilla.org/releases/mozilla-release/rev/c24a5f74325cc4f061e71a1ceea09f78c841ac06

Comment 5

[Caspy7]

Are we weakening security because some company can't inject DLLs like they want?

Comment 6

[Gian-Carlo Pascutto [:gcp]]

Are we weakening security because some company can't inject DLLs like they want?

It's more like: the customers of that company, which are Firefox users, do want the specific security that product offers, so blocking it had the opposite effect for them. We weren't aware that there were benign users of this injection technique, so we prefer to unbreak them while we consider how to deal with this.