Closed Bug 519343 Opened 16 years ago Closed 16 years ago

Crash [@ NPFFAddOn.dll@0x11867]

Categories

(Firefox :: General, defect, P2)

3.5 Branch
x86
Windows XP

Tracking

RESOLVED FIXED
Firefox 3.7a1
Tracking Status
status1.9.2 --- beta4-fixed

People

(Reporter: cbook, Assigned: johnath)

Details

(Keywords: crash, topcrash, Whiteboard: [crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses)

Seems this is a topcrash: NPFFAddOn.dll@0x11867 (http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.5.3&query_search=signature&query_type=exact&query=&date=&range_value=1&range_unit=weeks&do_query=1&signature=NPFFAddOn.dll%400x11867). Will investigate and see if I can reproduce this and get this malware, so assigning to me for the moment.
Flags: blocking-firefox3.6?
Blocking 3.6+ per CrashKill effort.
Flags: blocking-firefox3.6? → blocking-firefox3.6+
Marking all topcrash bugs as P2 (3.6 release blockers, but not 3.6b1 blockers)
Priority: -- → P2
So this should be fixed by bug 512122, but we still get crashes?
This comment specifically might be the reason why some people are still seeing this: https://bugzilla.mozilla.org/show_bug.cgi?id=512406#c15 Are there other reasons why the blocklist might not get updated? Anyone familiar enough w/ the numbers to know if the instances of this crash (this is #12 topcrasher atm) could possibly be all from people whose blocklist wasn't updated for one reason or another?
Whiteboard: [crashkill]
Carsten, the last crashkill meeting notes indicated that we need to get in touch with AV vendors. Which ones? I'm trying to create bugs to track them.
All of them. We need to tell them that we think this is malware and ask them to remove/quarantine this dll from users' systems.
Whiteboard: [crashkill] → [crashkill] waiting on a email-review from ss, then i will sent out the mail to AV Vendors
If it's in the components directory, it will also be addressed by the compdir-lockdown. Did the email get sent?
Depends on: compdir-lockdown
Whiteboard: [crashkill] waiting on a email-review from ss, then i will sent out the mail to AV Vendors → [crashkill][crashkill-thirdparty][crashkill-block] waiting on a email-review from ss, then i will sent out the mail to AV Vendors
I'm pretty sure the A-V vendors will want a copy of the offending DLL -- that's how I got nsBrowserOpt.dll beaten back. You put it in a zip encrypted with the password "infected" (typically -- check for particulars) and submit it through the A-V's web site or mail it to a submission address. The first step is getting a copy of the DLL though. Email addresses from crash-stats may help; again, that's how we dealt with nsBrowserOpt.dll. Failing that, maybe we can find a victim through one of the support avenues and get a copy from them.
Hi, the emails to the AV vendors (51 vendors) have been sent out (thanks Sam again!) and I will update this bug when I get responses. Also, yeah, a sample of the DLL would be cool.
Whiteboard: [crashkill][crashkill-thirdparty][crashkill-block] waiting on a email-review from ss, then i will sent out the mail to AV Vendors → [crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses
While Johnath might not be the final owner for this, as the owner of the DLL blocklist and shepherd of component directory lockdownership, I think he may be best to drive it forward from this point on.
Assignee: nobody → johnath
Just resolved bug 525103 on trunk, which adds npffaddon.dll (all versions) to the DLL blocklist. My belief is that this should fix the issue for anyone using a version of Firefox with DLL blocklisting (any 3.6 version after today). Pretty sure that resolves this bug, too. Can't load the DLL -> can't crash because of it.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: [crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses → [fixed by 525103][crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses
Summary: Crash [@NPFFAddOn.dll@0x11867] → Crash [@ NPFFAddOn.dll@0x11867]
Whiteboard: [fixed by 525103][crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses → [crashkill][crashkill-thirdparty][crashkill-block] AV vendors informed - waiting for responses
Tony, have you seen the crash while working on the blacklisting feature for this kind of add-on? If yes, can you verify that it has been fixed in 3.6b4?
Target Milestone: --- → Firefox 3.7a1
Crash Signature: [@ NPFFAddOn.dll@0x11867]