Enable the LoadLibrary injection protection unconditionally
Categories
(Core :: DLL Services, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox99 | --- | unaffected |
firefox100 | --- | fixed |
People
(Reporter: toshi, Assigned: toshi)
References
Details
Attachments
(1 file)
In bug 1481454, we expanded the LoadLibrary injection protection from nightly to early beta in v98 and v99. Since we haven't heard any compatibility issues related to this change from v98 early beta versions, it's time to enable this unconditionally.
Assignee | ||
Comment 1•3 years ago
|
||
Since no compat issues have been reported since we landed it in v98 beta,
it's time to remove the early-beta limitation.
The patch backs out 8ca70e015f3b863f9df6049d7b7d97123dafa640.
Pushed by tkikuchi@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e76373d064bc Enable the LoadLibrary injection protection unconditionally. r=mhowell
Comment 3•3 years ago
|
||
bugherder |
Comment 4•3 years ago
|
||
Backed out of release for causing bug 1762576
https://hg.mozilla.org/releases/mozilla-release/rev/c24a5f74325cc4f061e71a1ceea09f78c841ac06
Are we weakening security because some company can't inject DLLs like they want?
Updated•2 years ago
|
Comment 6•2 years ago
|
||
Are we weakening security because some company can't inject DLLs like they want?
It's more like: the customers of that company, which are Firefox users, do want the specific security that product offers, so blocking it had the opposite effect for them. We weren't aware that there were benign users of this injection technique, so we prefer to unbreak them while we consider how to deal with this.
Updated•2 years ago
|
Description
•