Closed Bug 1797372 Opened 2 years ago Closed 7 months ago

Mozilla crashes on [@ send ] perhaps because of various buggy LSPs

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
Unspecified
Windows
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE
Tracking Flags:
Tracking Status
firefox108 --- affected

People

(Reporter: jesup, Unassigned)

References

Details

(Keywords: crash, csectype-wildptr, sec-high, Whiteboard: [necko-triaged])

Crash Data

Likely this is not the same bug as the previous bug for [@ send]

Almost all READ errors of non-nullptr addresses, plus a few write and exec failures.

Group: core-security → network-core-security

This is fairly low volume, so I don't think we should worry about it too much. But we should definitely keep an eye on it.

Looking at the crash reports:
two seem to be hooked by cyinjct.dll from Palo Alto Networks (Netherlands) B.V.
one by PSNMVHookMS64.dll by Panda security
one by stkhcl32.dll signed by LLC "Stakhanovets" - a russian company

I suspect at most we could try to add the DLLs to our blocklist?

Severity: -- → S3
Priority: -- → P3
Whiteboard: [necko-triaged]

The severity field for this bug is set to S3. However, the bug is flagged with the sec-high keyword.
:valentin, could you consider increasing the severity of this security bug?

For more information, please visit auto_nag documentation.

Flags: needinfo?(valentin.gosu)

Bug is stalled.

Flags: needinfo?(valentin.gosu)

Thunderbird gets these more than Firefox; but everyone has some third-party module loaded. Often Ivanti LANDesk, but there are others. Unfortunately not actionable unless we get more information or a reproducible environment...

Status: NEW → RESOLVED
Closed: 7 months ago
Resolution: --- → INCOMPLETE

Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit BugBot documentation.

Keywords: stalled
Group: network-core-security
You need to log in before you can comment on or make changes to this bug.