User-agent check fails when a second "NT" is in the string

VERIFIED FIXED

Status

www.mozilla.org
General
--
major
VERIFIED FIXED
9 years ago
6 years ago

People

(Reporter: Mardeg, Assigned: abuchanan)

Tracking

({verified-production})

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
Someone with the following user-agent string:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 WinNT-PAI 12.06.2009 AutoPager/0.5.2.2 (http://www.teesoft.info/)

reported getting the "We’re sorry to report this, but your computer does not meet the minimum system requirements to run this version of Firefox."

I'm yet to find out what is automatically adding the "WinNT-PAI" to the string, but for the purpose of this bug it's clearly failing to grab the first "NT 5.1" that is in the string - I reproduced the problem by manually adding "WinNT-PAI" bit to the end of mine.
(Reporter)

Comment 1

9 years ago
A quick google search finds a Trojan:Win32/FakeXPA
http://www.threatexpert.com/report.aspx?md5=72e15bf94e8cb6ea2fc8d0626774ddd2

If this really is a trojan and detectable in user-agent strings, perhaps we could let them know this and link to http://www.geekpolice.net/malware-removal-guides-f12/how-to-remove-personalav-removal-guide-t11001.htm or something?
We have a number of users experiencing this for various reasons. Any chance we can update our UA sniffing code?
Associated threads:

Firefox says I do not have the minimum requirements to load Firefox 3.5
http://support.mozilla.com/en-US/forum/1/503001

I tried to load Firefox and got a message that my system doesn't meet the minimum requirements; what does this mean?
http://support.mozilla.com/en-US/forum/1/492305
From http://svn.mozilla.org/projects/mozilla.com/trunk/js/download.js :

 * The regular expression matches:

 *  - WinNT (not followed by version or followed bu version < 5)

gPlatformUnsupported includes:

(Win(16|9[x58]|NT( [1234]| [^0-9]|[^ ]|$))

The WinNT[^ ] case is what's being hit here. Perhaps that should just be [^ -]?
Assignee: nobody → buchanae
Severity: normal → major
(Assignee)

Updated

8 years ago
Duplicate of this bug: 554474
(Assignee)

Comment 6

8 years ago
From bug 554474 (duplicate in comment #5)

similar user agent is broken,

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; SpamBlockerUtility 4.8.4; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-EVU 11.12.2009)

Also hitting the WinNT-
(Assignee)

Comment 7

8 years ago
Shall we go with Gavin's [^ -] suggestion?  That works for me.  I don't know a better solution so far.

Also, I'm not sure what our unsupported platforms are, or what those user agent strings could be.  This makes it hard to test.  By chance, are those documented somewhere?  (i.e. testing that unsupported platforms are still matched, and we only changed this edge case)
(Assignee)

Comment 8

8 years ago
Created attachment 435053 [details] [diff] [review]
Patch v1
Attachment #435053 - Flags: review?
(Assignee)

Updated

8 years ago
Attachment #435053 - Flags: review? → review?(fwenzel)
Comment on attachment 435053 [details] [diff] [review]
Patch v1

Looks good.
Attachment #435053 - Flags: review?(fwenzel) → review+
Now for the bad news, I found a source claiming these additions to the user agent are caused by malware: http://bink.nu/forums/t/24134.aspx . When searching for EVU (re: comment 6), another group of them pops up.

These users seem to unwillingly be part of a fun little bot net.
(Assignee)

Comment 11

8 years ago
r65700 Patch v1 on trunk

Over to QA
Assignee: buchanae → mozwebqa
(Assignee)

Comment 12

8 years ago
Filed bug 559111 for any discussion about detecting malware and notifying the user, since that seems like a much bigger project than this bug.
Looks good using:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12 WinNT-PAI 12.06.2009 AutoPager/0.5.2.2

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
1.1.4322; SpamBlockerUtility 4.8.4; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152;
.NET CLR 3.5.30729; WinNT-EVU 11.12.2009)

I want to do a bit more regression-testing with IE 6, 7, 8, Opera, Chrome, and Safari on Windows (and, probably check Linux/Mac, too, just to be sure).

I'll update a little later; pushing out AMO right now.
OK, tested on Windows 2000, Windows Server 2003, Vista; haven't found any issues.
Back to Alex.
Assignee: mozwebqa → abuchanan
(Assignee)

Comment 16

8 years ago
r70315 on stage/prod
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Verified FIXED on prod, using Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR
1.1.4322; SpamBlockerUtility 4.8.4; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152;
.NET CLR 3.5.30729; WinNT-EVU 11.12.2009) as my user agent.
Status: RESOLVED → VERIFIED
Keywords: verified-production
Component: www.mozilla.org/firefox → www.mozilla.org
Product: Websites → Websites
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
You need to log in before you can comment on or make changes to this bug.