See bug 448837; can cause crashes on startup in Firefox 3, including safe mode. May also install itself without permission. http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453090717
The NPMySrch.dll plugin is what needs to be blocklisted here, as that loads the modules that trigger the crash. This file is flagged as MyWebSearch spyware by virus scanners: http://www.virustotal.com/analisis/b201b6d78254374c349cb4f0e463cf8e Name: My Search Plugin Stub Description: My Search Plugin Stub for 32-bit Windows Filename: NPMySrch.dll
Any progress here? This has still been reported on sumo - with around ~10 chats per week (out of ~1000) containing this plugin. From https://chat-support.mozilla.com:9091/plugins/fastpath/chat-conversation.jsp?sessionID=atiy3752939 , it seems to be causing Firefox to hang on Google search results. The version of the plugin from this recent report: Name: My Web Search Plugin Stub Description: My Web Search Plugin Stub for 32-bit Windows Filename: NPMyWebS.dll content-type: application/x-mws-mywebsearchplugin
Do we have any contact with the company behind this plugin (InterActiveCorp/ask.com)?
Kev, would you be willing to speak with someone from interactive?
will take this and run with it.
Created attachment 381169 [details] Chat report of this plugin crashing from SUMO This is an example chat log from a user who was crashing on startup with bp-2aaabe11-c233-454e-bc10-bb0c22090602. Removing the mysearch plugin fixed the crash.
It's been 10 months since I filed this one. What's the status here? Was the company in question ever contacted?
Working through it now. There's no new status as yet, as I'm waiting on a response from the developers. Request was filed with IAC in the first week of June, and I'll continue to move it through. There's nothing set in stone as a timeframe to wait for a response, but I'm inclined to give two to three weeks and then push on (I know how long ago the bug was filed, and will try and escalate through Ask).
Kev, Any update?
Kev? Could we get an update please?
Have placed a call into IAC, will update tomorrow. Apologies for dropping this.
IAC is aware of this bug, and would liek to track it down. Do we have crash data we can share and/or versioning info (e..g is it all versions or only a specific version)?
bug 492675 is the crash bug
Kev? Any update?
We've notified the vendor, and they'd still like crash data to work with, but we're good to proceed.
Alright, so I'd be blocking "NPMySrch.dll" for all versions of all applications. Correct?
Query would be: INSERT INTO `blplugins` (min, max, filename) VALUES (NULL, *, 'NPMySrch.dll');
Speak now or forever hold your peace!
Well Kev said "we're good to proceed" so if people are still hitting this it would be nice if we can finally get this thing blocked.
Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see this in place. Johnath, any objections?
(In reply to comment #20) > Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see > this in place. Johnath, any objections? This sounds like plugin blocklist, not DLL, so I defer to Morgamic. Having said that - are we sure that "NPMySrch.dll" is the name this plugin uses to register itself?
Hi, this is Kirk Lawrence from IAC's Mindspark Division, we publish the MyWebSearch toolbar and the older MySearch toolbar (which are two seperate products). I'm not sure how appropriate it is to post here, but I wanted to ask you NOT to block the plugin until we've had a chance to get to the bottom of the issues. I'd like to invite you to email me at kirk dot lawrence (at) mindspark d0t com to discuss. Thanks, -Kirk
Hey Kirk, It's totally appropriate. You have my email address from previous queries, and I'm happy to discuss the issues and some of the user experience problems we've seen related to this. kev
This is a mass change. Every comment has "assigned-to-new" in it. I didn't look through the bugs, so I'm sorry if I change a bug which shouldn't be changed. But I guess these bugs are just bugs that were once assigned and people forgot to change the Status back when unassigning.
I'm going through all of our existing blocklist entries and this was definitely added to the blocklist some time ago but the bug wasn't closed. This plugin is currently blocked in all versions.