Closed Bug 329375 Opened 19 years ago Closed 14 years ago

Tiny firewall claims that FF injects code to other processes

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: volkmarkostka, Unassigned)

Details

Attachments

(1 file)

Tiny Firewall's log of "illegal" activities by FF.
136.50 KB, image/png
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060304 Firefox/1.6a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a1) Gecko/20060304 Firefox/1.6a1 On MozillaZine someone posted this message: After installing a Tiny Firewall, a lot of message "Injecting code into other processes" have been observed while accessing different Web-sites. Each time a number of affected processes is around 2 or 3 duzens. A usual list includes psapi.dll, OLEPRO32.dll,mshtcpip.dllWS2HELP.dll,e tc.). Not sure what is it (I do not allow the injection by default, therefore all of these is being rejected), but might it be some kind of third-party activity (virus ?). Does anybody knows what is it or is it normal? Txs. TinyFirewall: http://www.tinysoftware.com/home/tiny2?la=EN Original thread: http://forums.mozillazine.org/viewtopic.php?t=319588&highlight= This may make users of this firewall/security system suspicious about the trustworthiness of FF. I expect that this bug is closed as INVALID but i like to see some comments. Thanks. Reproducible: Always
My first reaction was 'Bollocks' ofcourse. I wonder what they mean with "code injection". Is it related to the plugins (when FF is untrusted, and the plugin is trusted) ? Or is it to Javascript, which FF uses extensively, but a naive firewall might think that this is ther result of a hacked webpage.
(In reply to comment #0) The "Talkback" plugin included in standard Firefox installation makes code injections into large number of OS components. This is the reason why "Windows Protection" engine of Tiny Firewall triggers alarm, because the same code injection activity is used by viruses/trojans to intrude into system. Please see Tiny Firewall log with huge list of "illegal" activities Firefox perform. http://img205.imageshack.us/my.php?image=firefoxbadbug3yf.gif
PS. In my case the problem is resolved by disabling "Talkback" extension. I suppose FF setup should warn user of potential incompatibility with windows security software and/or confirm installation of potentially problematic "Talkback" extension.
Tiny Firewall's log screenshot with all the code injections FF perform while "Save As" an web page.
It looks like Firefox, Talkback, and Tiny Firewall are all doing exactly what they are supposed to. The problem here is that the user doesn't understand what the Firewall log entries mean. He can tell Tiny Firewall that Talkback is a trusted application, ignore the log entries, or disable Talkback as he pleases. If the user trusts Firefox to run on his computer then it makes little sense not to trust Talkback too.
(In reply to comment #5) Alan, You ignore the fact that this trojan-like behavior of Firefox (or its plugins) make user feel uncomfortable with Firefox. I personally had a big headache when Firefox (AFAIR v.0.9) hanged my windows by contaminating Tiny Firewall's log with thousands of code injection reports. I searched forums and digged Firefox internals for hours to resolve the problem instead of just enjoying good browser. Firefox incompatibility with windows security software triggers such things as uncomfortness and headache. If this is IN NO IMPOTANCE to Firefox team - well, it's your choice. But remember what destiny is usually waiting for any software developer who ignore user's comfort and opinion.
Stop discuss your opinions here. Use the thread of mozillazine for that. I have opened this bug to gather informations from the developers not to discuss user opinions. This is not a discussion board.
(In reply to comment #5) > ... the user doesn't understand > what the Firewall log entries mean. He can tell Tiny Firewall that Talkback is > a trusted application, ... Wrong. Talkback is executed inside Firefox process (as DLL) and there is NO possibility to assign DLL's to different security groups in Tiny Firewall, and I doubt that it is EVEN POSSIBLE in any way. At the other hand, Firefox would start Talkback as a separate process, and this WILL BE the solutinn of the problem (because Talkback as a seperate process can be assigned to "trusted" group while keeping Firefox in "standard", protected group)
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE. Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: