bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Adding the Facebook app "Discover Your Friend Facts" crashes Firefox (flash)



External Software Affecting Firefox
Flash (Adobe)
9 years ago
2 years ago


(Reporter: reid, Unassigned)



Firefox Tracking Flags

(Not tracked)


(Whiteboard: [sg:vector flash?])



9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv: Gecko/20090824 Firefox/3.5.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv: Gecko/20090824 Firefox/3.5.3

I added the Facebook app "Discover Your Friend Facts" by clicking on a news story posted in a friend's feed. The app behaved a little strangely - Facebook confirmation boxes being auto-clicked, mostly - and when I got to the stage where it asked to post the result on my feed, I got an X error, system load climbed to 8-10, and then Firefox crashed with a core dump.

Reproducible: Always

Steps to Reproduce:
1. Log into Facebook.

2. Find a friend who's used the Discover Your Friend Facts app and posted the news story to his/her feed, and click on the Discover Your Friend Facts link in that story, -or-, perhaps just going to http://topzy.com/friendfacts/?ref=feed&ref=nf while logged into Facebook is sufficient.

3. Work through the app's wizard.

4. At the last step, when a feed story is offered, type in some stuff. I typed in: "While the graphs are pretty interesting, this app smells pretty sleazy, so I would not recommend it.\n\nI'm particularly amused by the political breakdown."

5. Click back in the text to edit it (I wanted to remove the first "pretty").

6. App auto-posts to your feed (this is against Facebook TOS btw).
Actual Results:  
Firefox prints on the conesole the following text and locks up:

The program 'firefox-bin' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadIDChoice (invalid resource ID chosen for this connection)'.
  (Details: serial 87290960 error_code 14 request_code 55 minor_code 0)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

System load goes pretty high (say 6-10) for several seconds, and then Firefox dumps core.

Expected Results:  
No X error, no excessive CPU use, no crash.

I have a core dump; it's 1.4GB. I'm leery of sending in such a large dump since that's my browsing history for the past N days.

I checked the "security" box. This may be wrong, but I figured that it would be better to check it and be wrong than vice versa.
Maybe duplicate of bug 458092, which is a bug in libxcb?  What distro are you using?

Comment 2

9 years ago
Hmm, the backtrace is way different from bug 458092.

Furthermore, it seems to have crashed inside the Flash Player, which is odd since I have Flashblock installed and there's only two whitelisted sites, neither of which have anything to do with Facebook.

I suppose this is a good lesson in not clicking on questionable Facebook apps.... sigh.

Given the backtrace, is this still a FF bug?

Thanks for your help.

#0  0xf7f5f9a0 in pthread_mutex_lock () from /lib/i686/cmov/libpthread.so.0
(gdb) bt
#0  0xf7f5f9a0 in pthread_mutex_lock () from /lib/i686/cmov/libpthread.so.0
#1  0xb3a387f8 in ?? ()
   from /usr/local/src/flash_player_10_linux_dev_10.0.32.18/plugin/debugger/libflashplayer.so
#2  0xb3a38a82 in ?? ()
   from /usr/local/src/flash_player_10_linux_dev_10.0.32.18/plugin/debugger/libflashplayer.so
#3  0xb3a38b11 in ?? ()
   from /usr/local/src/flash_player_10_linux_dev_10.0.32.18/plugin/debugger/libflashplayer.so
#4  0xb38b071d in ?? ()
   from /usr/local/src/flash_player_10_linux_dev_10.0.32.18/plugin/debugger/libflashplayer.so
#5  0xf7f5e4c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
#6  0xf67886de in clone () from /lib/i686/cmov/libc.so.6
From the stack this does not appear to be a Firefox bug. Don't know if it's a potential security problem or not so we can leave the bug hidden.

Charles: is this a known Flash issue?
Summary: Adding the Facebook app "Discover Your Friend Facts" crashes Firefox → Adding the Facebook app "Discover Your Friend Facts" crashes Firefox (flash)
Whiteboard: [sg:vector-? (flash)]

Comment 4

9 years ago
don't know anything about this but lets keep it hidden and see if more information comes in.

Comment 5

9 years ago
seems like there might be two things to explore to get more data.

try to make the crash happen with a breakpad enabled build so we can see what the signature looks like to compare to others.


get some discussion going on the facebook crash finding group(s) to see if other see the problem.

Comment 6

9 years ago
there is a signature and bug for pthread_mutex_lock crashes but that is all mac and the stacks in that case seem all over the place.  some times with flash on the stack and sometimes not.


Signature  	        # 	Win  	Mac  	Lin  	Bugzilla Ids
pthread_mutex_lock 	166 	0 	166 	0 	bug 452318 ,More


9 years ago
Severity: normal → critical
Keywords: crash


9 years ago
Component: Security → Plug-ins
Product: Firefox → Core
QA Contact: firefox → plugins

Comment 7

8 years ago
I ran a quick test and I am not even sure this is a Flash Application.  I was UTR during my testing and not once detected a SWF.
I don't think this bug is going anywhere useful as a Mozilla security bug. I'll leave it hidden though until Adobe says it's not revealing any risks to their users.
Last Resolved: 8 years ago
Resolution: --- → INCOMPLETE
Whiteboard: [sg:vector-? (flash)] → [sg:vector flash] need response to comment 8 before unhiding
Group: core-security
Whiteboard: [sg:vector flash] need response to comment 8 before unhiding → [sg:vector flash?]


8 years ago
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Version: unspecified → 10.x

Comment 9

2 years ago
Version and milestone values are being reset to defaults as part of product refactoring.
Version: 10.x → unspecified
You need to log in before you can comment on or make changes to this bug.