Closed Bug 1757487 Opened 11 months ago Closed 11 months ago

Enable the LoadLibrary injection protection unconditionally

Categories

(Core :: DLL Services, defect)

Unspecified
Windows
defect

Tracking

()

RESOLVED FIXED
100 Branch
Tracking Status
firefox99 --- unaffected
firefox100 --- fixed

People

(Reporter: toshi, Assigned: toshi)

References

Details

Attachments

(1 file)

In bug 1481454, we expanded the LoadLibrary injection protection from nightly to early beta in v98 and v99. Since we haven't heard any compatibility issues related to this change from v98 early beta versions, it's time to enable this unconditionally.

Since no compat issues have been reported since we landed it in v98 beta,
it's time to remove the early-beta limitation.
The patch backs out 8ca70e015f3b863f9df6049d7b7d97123dafa640.

Pushed by tkikuchi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e76373d064bc
Enable the LoadLibrary injection protection unconditionally.  r=mhowell
Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch

Are we weakening security because some company can't inject DLLs like they want?

Flags: needinfo?(haftandilian)
Regressions: 1762576

Are we weakening security because some company can't inject DLLs like they want?

It's more like: the customers of that company, which are Firefox users, do want the specific security that product offers, so blocking it had the opposite effect for them. We weren't aware that there were benign users of this injection technique, so we prefer to unbreak them while we consider how to deal with this.

Flags: needinfo?(haftandilian)
You need to log in before you can comment on or make changes to this bug.