1896442 - Crash in [@ protector64.dll | <unknown in ntdll.pdb>]

Status: RESOLVED FIXED

(External Software Affecting Firefox :: Other, defect, P3)

Description

[Gabriele Svelto [:gsvelto]]

Crash report: https://crash-stats.mozilla.org/report/index/6959dbe2-1b77-4128-ab00-fbb1d0240513

Reason: EXCEPTION_STACK_BUFFER_OVERRUN / FAST_FAIL_FATAL_APP_EXIT

Top 10 frames:

0  Protector64.dll  Protector64.dll@0x33b03
1  Protector64.dll  Protector64.dll@0x13bdef
2  ntdll.dll  <unknown in ntdll.pdb>
3  Protector64.dll  Protector64.dll@0x11810f
4  Protector64.dll  Protector64.dll@0xe64df
5  o_uejmnh.dll  o_uejmnh.dll@0x23457
6  Protector64.dll  Protector64.dll@0x69a52
7  Protector64.dll  Protector64.dll@0xa9f23
8  Protector64.dll  Protector64.dll@0x13bdef
9  Protector64.dll  Protector64.dll@0x14b8df

Just found this junk crashing Firefox in measurable volumes under this signature. There's many more low-volume signatures. The only mention I found of this DLL is this CVE. Apparently it's made by a company called Morphisec and it's some kind of snake oil endpoint protection solution.

Comment 1

[Ryan VanderMeulen [:RyanVM]]

Should we just go ahead and block this?

Comment 2

[Greg Stoll :gstoll]

This is crashing the plugin process, which I didn't realize still existed!

Comment 3

[Ryan VanderMeulen [:RyanVM]]

GMP topcrash according to https://mozilla.github.io/process-top-crashes/gmplugin_release.html

Comment 4

[Greg Stoll :gstoll]

Oh, for some reason I was thinking NPAPI plugins. Yeah, we should probably block this.

Comment 5

[Greg Stoll :gstoll]

Attachment: Bug 1896442 - block protector64.dll from the plugin process r=gsvelto!

Comment 6

[Pulsebot]

Pushed by gstoll@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/f125000f05f8
block protector64.dll from the plugin process r=win-reviewers,handyman

Comment 7

[Serban Stanca [:SerbanS]]

https://hg.mozilla.org/mozilla-central/rev/f125000f05f8