Blocklist MySearch plugin (MyWebSearch)

RESOLVED FIXED

Status

()

Toolkit
Blocklisting
--
critical
RESOLVED FIXED
9 years ago
2 years ago

People

(Reporter: Dave Garrett, Assigned: morgamic)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
See bug 448837; can cause crashes on startup in Firefox 3, including safe mode.
May also install itself without permission.
http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453090717
The NPMySrch.dll plugin is what needs to be blocklisted here, as that loads the modules that trigger the crash.  This file is flagged as MyWebSearch spyware by virus scanners:  http://www.virustotal.com/analisis/b201b6d78254374c349cb4f0e463cf8e

Name: My Search Plugin Stub
Description: My Search Plugin Stub for 32-bit Windows
Filename: NPMySrch.dll
Summary: Blocklist MySearch toolbar → Blocklist MySearch plugin
(Assignee)

Updated

9 years ago
Assignee: nobody → morgamic
Severity: normal → major
Any progress here?  This has still been reported on sumo - with around ~10 chats per week (out of ~1000) containing this plugin.  From https://chat-support.mozilla.com:9091/plugins/fastpath/chat-conversation.jsp?sessionID=atiy3752939 , it seems to be causing Firefox to hang on Google search results.


The version of the plugin from this recent report:

Name: My Web Search Plugin Stub
Description: My Web Search Plugin Stub for 32-bit Windows
Filename: NPMyWebS.dll

content-type: application/x-mws-mywebsearchplugin
Severity: major → critical
Summary: Blocklist MySearch plugin → Blocklist MySearch plugin (MyWebSearch)
Do we have any contact with the company behind this plugin (InterActiveCorp/ask.com)?
(Assignee)

Comment 4

8 years ago
Kev, would you be willing to speak with someone from interactive?
Assignee: morgamic → kev

Comment 5

8 years ago
will take this and run with it.
Created attachment 381169 [details]
Chat report of this plugin crashing from SUMO

This is an example chat log from a user who was crashing on startup with bp-2aaabe11-c233-454e-bc10-bb0c22090602.  Removing the mysearch plugin fixed the crash.
(Reporter)

Comment 7

8 years ago
It's been 10 months since I filed this one. What's the status here? Was the company in question ever contacted?

Comment 8

8 years ago
Working through it now. There's no new status as yet, as I'm waiting on a response from the developers. Request was filed with IAC in the first week of June, and I'll continue to move it through. There's nothing set in stone as a timeframe to wait for a response, but I'm inclined to give two to three weeks and then push on (I know how long ago the bug was filed, and will try and escalate through Ask).
Kev,

Any update?
(Assignee)

Comment 10

8 years ago
Kev?  Could we get an update please?

Comment 11

8 years ago
Have placed a call into IAC, will update tomorrow. Apologies for dropping this.

Comment 12

8 years ago
IAC is aware of this bug, and would liek to track it down. Do we have crash data we can share and/or versioning info (e..g is it all versions or only a specific version)?

Comment 13

8 years ago
bug 492675 is the crash bug
(Assignee)

Comment 14

8 years ago
Kev?  Any update?

Comment 15

8 years ago
We've notified the vendor, and they'd still like crash data to work with, but we're good to proceed.
(Assignee)

Comment 16

8 years ago
Alright, so I'd be blocking "NPMySrch.dll" for all versions of all applications.  Correct?
Assignee: kev → morgamic
Status: NEW → ASSIGNED
(Assignee)

Comment 17

8 years ago
Query would be:
INSERT INTO `blplugins` (min, max, filename) VALUES (NULL, *, 'NPMySrch.dll');
(Assignee)

Comment 18

8 years ago
Speak now or forever hold your peace!
(Reporter)

Comment 19

8 years ago
Well Kev said "we're good to proceed" so if people are still hitting this it would be nice if we can finally get this thing blocked.

Comment 20

8 years ago
Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see this in place. Johnath, any objections?
(Assignee)

Updated

8 years ago
Whiteboard: mozilla.com
(In reply to comment #20)
> Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see
> this in place. Johnath, any objections?

This sounds like plugin blocklist, not DLL, so I defer to Morgamic. Having said that - are we sure that "NPMySrch.dll" is the name this plugin uses to register itself?

Comment 22

8 years ago
Hi, this is Kirk Lawrence from IAC's Mindspark Division, we publish the MyWebSearch toolbar and the older MySearch toolbar (which are two seperate products).  I'm not sure how appropriate it is to post here, but I wanted to ask you NOT to block the plugin until we've had a chance to get to the bottom of the issues.  I'd like to invite you to email me at kirk dot lawrence (at) mindspark d0t com to discuss.

Thanks,
-Kirk

Comment 23

8 years ago
Hey Kirk,

It's totally appropriate. You have my email address from previous queries, and I'm happy to discuss the issues and some of the user experience problems we've seen related to this.

kev
(Assignee)

Updated

8 years ago
Assignee: morgamic → nobody
This is a mass change. Every comment has "assigned-to-new" in it.

I didn't look through the bugs, so I'm sorry if I change a bug which shouldn't be changed. But I guess these bugs are just bugs that were once assigned and people forgot to change the Status back when unassigning.
Status: ASSIGNED → NEW
I'm going through all of our existing blocklist entries and this was definitely added to the blocklist some time ago but the bug wasn't closed.

This plugin is currently blocked in all versions.
Assignee: nobody → morgamic
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Whiteboard: mozilla.com
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.