Mozilla crashes on [@ send ] perhaps because of various buggy LSPs
Categories
(Core :: Networking, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox108 | --- | affected |
People
(Reporter: jesup, Unassigned)
References
Details
(Keywords: crash, csectype-wildptr, sec-high, Whiteboard: [necko-triaged])
Crash Data
Likely this is not the same bug as the previous bug for [@ send]
Almost all READ errors of non-nullptr addresses, plus a few write and exec failures.
Updated•2 years ago
|
This is fairly low volume, so I don't think we should worry about it too much. But we should definitely keep an eye on it.
Looking at the crash reports:
two seem to be hooked by cyinjct.dll from Palo Alto Networks (Netherlands) B.V.
one by PSNMVHookMS64.dll by Panda security
one by stkhcl32.dll signed by LLC "Stakhanovets" - a russian company
I suspect at most we could try to add the DLLs to our blocklist?
Comment 2•2 years ago
|
||
The severity field for this bug is set to S3. However, the bug is flagged with the sec-high
keyword.
:valentin, could you consider increasing the severity of this security bug?
For more information, please visit auto_nag documentation.
Bug is stalled.
Comment 4•7 months ago
|
||
Thunderbird gets these more than Firefox; but everyone has some third-party module loaded. Often Ivanti LANDesk, but there are others. Unfortunately not actionable unless we get more information or a reproducible environment...
Comment 5•7 months ago
|
||
Since the bug is closed, the stalled keyword is now meaningless.
For more information, please visit BugBot documentation.
Updated•5 months ago
|
Description
•