Last Comment Bug 449062 - Blocklist MySearch plugin (MyWebSearch)
: Blocklist MySearch plugin (MyWebSearch)
Status: RESOLVED FIXED
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- critical (vote)
: ---
Assigned To: Michael Morgan [:morgamic]
:
: Jorge Villalobos [:jorgev]
Mentors:
http://mywebsearch.smileycentral.com/...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-04 11:24 PDT by Dave Garrett
Modified: 2016-03-07 15:30 PST (History)
13 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Chat report of this plugin crashing from SUMO (6.48 KB, text/plain)
2009-06-02 15:51 PDT, Matthew Middleton (:zzxc)
no flags Details

Description Dave Garrett 2008-08-04 11:24:08 PDT
See bug 448837; can cause crashes on startup in Firefox 3, including safe mode.
May also install itself without permission.
http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453090717
Comment 1 Matthew Middleton (:zzxc) 2008-10-22 20:19:08 PDT
The NPMySrch.dll plugin is what needs to be blocklisted here, as that loads the modules that trigger the crash.  This file is flagged as MyWebSearch spyware by virus scanners:  http://www.virustotal.com/analisis/b201b6d78254374c349cb4f0e463cf8e

Name: My Search Plugin Stub
Description: My Search Plugin Stub for 32-bit Windows
Filename: NPMySrch.dll
Comment 2 Matthew Middleton (:zzxc) 2009-05-05 21:42:59 PDT
Any progress here?  This has still been reported on sumo - with around ~10 chats per week (out of ~1000) containing this plugin.  From https://chat-support.mozilla.com:9091/plugins/fastpath/chat-conversation.jsp?sessionID=atiy3752939 , it seems to be causing Firefox to hang on Google search results.


The version of the plugin from this recent report:

Name: My Web Search Plugin Stub
Description: My Web Search Plugin Stub for 32-bit Windows
Filename: NPMyWebS.dll

content-type: application/x-mws-mywebsearchplugin
Comment 3 Matthew Middleton (:zzxc) 2009-05-13 16:46:16 PDT
Do we have any contact with the company behind this plugin (InterActiveCorp/ask.com)?
Comment 4 Michael Morgan [:morgamic] 2009-05-22 09:45:53 PDT
Kev, would you be willing to speak with someone from interactive?
Comment 5 Kev Needham [:kev] 2009-05-22 12:18:04 PDT
will take this and run with it.
Comment 6 Matthew Middleton (:zzxc) 2009-06-02 15:51:52 PDT
Created attachment 381169 [details]
Chat report of this plugin crashing from SUMO

This is an example chat log from a user who was crashing on startup with bp-2aaabe11-c233-454e-bc10-bb0c22090602.  Removing the mysearch plugin fixed the crash.
Comment 7 Dave Garrett 2009-06-15 16:32:13 PDT
It's been 10 months since I filed this one. What's the status here? Was the company in question ever contacted?
Comment 8 Kev Needham [:kev] 2009-06-15 16:37:25 PDT
Working through it now. There's no new status as yet, as I'm waiting on a response from the developers. Request was filed with IAC in the first week of June, and I'll continue to move it through. There's nothing set in stone as a timeframe to wait for a response, but I'm inclined to give two to three weeks and then push on (I know how long ago the bug was filed, and will try and escalate through Ask).
Comment 9 Nick Nguyen [:osunick] 2009-10-01 15:48:48 PDT
Kev,

Any update?
Comment 10 Michael Morgan [:morgamic] 2009-11-02 13:10:42 PST
Kev?  Could we get an update please?
Comment 11 Kev Needham [:kev] 2009-11-02 13:31:25 PST
Have placed a call into IAC, will update tomorrow. Apologies for dropping this.
Comment 12 Kev Needham [:kev] 2009-11-10 09:43:52 PST
IAC is aware of this bug, and would liek to track it down. Do we have crash data we can share and/or versioning info (e..g is it all versions or only a specific version)?
Comment 13 [:Cww] 2009-11-24 10:19:19 PST
bug 492675 is the crash bug
Comment 14 Michael Morgan [:morgamic] 2009-11-24 10:39:43 PST
Kev?  Any update?
Comment 15 Kev Needham [:kev] 2009-11-24 10:45:36 PST
We've notified the vendor, and they'd still like crash data to work with, but we're good to proceed.
Comment 16 Michael Morgan [:morgamic] 2009-11-24 16:51:43 PST
Alright, so I'd be blocking "NPMySrch.dll" for all versions of all applications.  Correct?
Comment 17 Michael Morgan [:morgamic] 2009-11-24 16:52:12 PST
Query would be:
INSERT INTO `blplugins` (min, max, filename) VALUES (NULL, *, 'NPMySrch.dll');
Comment 18 Michael Morgan [:morgamic] 2010-01-20 16:07:23 PST
Speak now or forever hold your peace!
Comment 19 Dave Garrett 2010-01-20 16:15:36 PST
Well Kev said "we're good to proceed" so if people are still hitting this it would be nice if we can finally get this thing blocked.
Comment 20 Kev Needham [:kev] 2010-01-20 16:53:27 PST
Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see this in place. Johnath, any objections?
Comment 21 Johnathan Nightingale [:johnath] 2010-01-21 05:26:01 PST
(In reply to comment #20)
> Agreed. Components lockdown will address a lot of 'em, but I'd sure like to see
> this in place. Johnath, any objections?

This sounds like plugin blocklist, not DLL, so I defer to Morgamic. Having said that - are we sure that "NPMySrch.dll" is the name this plugin uses to register itself?
Comment 22 Kirk Lawrence 2010-01-28 12:32:11 PST
Hi, this is Kirk Lawrence from IAC's Mindspark Division, we publish the MyWebSearch toolbar and the older MySearch toolbar (which are two seperate products).  I'm not sure how appropriate it is to post here, but I wanted to ask you NOT to block the plugin until we've had a chance to get to the bottom of the issues.  I'd like to invite you to email me at kirk dot lawrence (at) mindspark d0t com to discuss.

Thanks,
-Kirk
Comment 23 Kev Needham [:kev] 2010-01-28 12:51:28 PST
Hey Kirk,

It's totally appropriate. You have my email address from previous queries, and I'm happy to discuss the issues and some of the user experience problems we've seen related to this.

kev
Comment 24 Michael Kohler [:mkohler] 2010-05-13 10:10:26 PDT
This is a mass change. Every comment has "assigned-to-new" in it.

I didn't look through the bugs, so I'm sorry if I change a bug which shouldn't be changed. But I guess these bugs are just bugs that were once assigned and people forgot to change the Status back when unassigning.
Comment 25 Justin Scott [:fligtar] 2011-04-14 16:01:07 PDT
I'm going through all of our existing blocklist entries and this was definitely added to the blocklist some time ago but the bug wasn't closed.

This plugin is currently blocked in all versions.

Note You need to log in before you can comment on or make changes to this bug.