Closed
Bug 531587
Opened 15 years ago
Closed 13 years ago
Crash [@ WSOFFAddOn.dll@0x955d ] and [@ WSOFFAddOn.dll@0xc4bc ]
Categories
(Toolkit :: Blocklist Policy Requests, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: MatsPalmgren_bugz, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, topcrash, user-doc-needed, Whiteboard: [crashkill][crashkill-thirdparty][3.6.x])
Crash Data
There are ~1600 crash reports in WSOFFAddOn.dll in the past week. http://crash-stats.mozilla.com/query/query?version=ALL%3AALL&date=&range_value=1&range_unit=weeks&query_search=signature&query_type=contains&query=WSOFFAddOn&do_query=1 http://cc.bingj.com/cache.aspx?q=%22wsoffaddon+dll%22&d=173207983928&mkt=sv-SE&setlang=en-US&w=a9732106,84b96d22 suggests it's installed under: c:\program files\web search operator\3.1.0.1800\ff\components\WSOFFAddOn.dll and when renaming the files Firefox stopped crashing. Apparently it's related to "HottieStar Toolbar": (WARNING: soft porn pictures) http://www.hottiestar.com/
|
||
Comment 1•15 years ago
|
||
should also get some SUMO love on pages that talk about taking care in downloading software, and removal of problems related to crashing and search popups and pop-unders.
Keywords: user-doc-needed
|
|
||
Comment 2•15 years ago
|
||
and we could consider blocklisting on a typical day here is the breakdown of crashes across releases
checking --- 20091211-crashdata.csv WSOFFAddOn.dll@0x95fd
release total-crashes
WSOFFAddOn.dll@0x95fd crashes
pct.
all 222413 325 0.00146125
3.0.15 41096 56 0.00136266
3.5.5 122770 138 0.00112405
3.6b4 20994 91 0.00433457
3.6b3 803 4 0.00498132
3.6b2 890 1 0.0011236
3.6b1 2371 5 0.00210881
apparently malware bytes deletes the module
http://www.bleepingcomputer.com/forums/topic274809.html
one signature is associated with version 1840 and the other signature is associated with version 1800
WSOFFAddOn.dll@0x95fd|EXCEPTION_ACCESS_VIOLATION (43 crashes)
100% (43/43) vs. 1% (127/16853) WSOCommon.dll
0% (0/43) vs. 0% (77/16853) 3.1.0.1800
100% (43/43) vs. 0% (50/16853) 3.1.0.1840
WSOFFAddOn.dll@0x955d|EXCEPTION_ACCESS_VIOLATION (45 crashes)
100% (45/45) vs. 1% (127/16853) WSOCommon.dll
100% (45/45) vs. 0% (77/16853) 3.1.0.1800
0% (0/45) vs. 0% (50/16853) 3.1.0.1840Blocks: malware-attacks
Flags: blocking-firefox3.6?
Summary: Crash [@WSOFFAddOn.dll@0x955d ] and [@WSOFFAddOn.dll@0xc4bc ] → Crash [@ WSOFFAddOn.dll@0x955d ] and [@ WSOFFAddOn.dll@0xc4bc ]
Whiteboard: [crashkill][crashkill-thirdparty]
|
|
||
Updated•15 years ago
|
Component: General → Blocklisting
Product: Firefox → addons.mozilla.org
QA Contact: general → blocklisting
|
|
||
Comment 4•15 years ago
|
||
and ranked #100 and #146 on 3.5.5 and rising. would be higher if you combine the two signatures.
|
|
||
Comment 5•15 years ago
|
||
http://www.exterminate-it.com/malpedia/remove-doubled indicates "Web Search Operator" maybe part of DoubleD. more on DoubleD in bug 512785
Blocks: 512785
|
||
Comment 6•15 years ago
|
||
We can blocklist this when we get confirmation from the vendor or discover that we're unable to reach them for comment. Not blocking the final release at this time.
Flags: blocking-firefox3.6? → blocking-firefox3.6-
Whiteboard: [crashkill][crashkill-thirdparty] → [crashkill][crashkill-thirdparty][3.6.x]
|
|
||
Comment 7•15 years ago
|
||
3.6b5 ranking and volume #95 .13 WSOFFAddOn.dll@0x9c5d #115 .12 WSOFFAddOn.dll@0x95fd #132 .11 WSOFFAddOn.dll@0x955d #191 .07 WSOFFAddOn.dll@0x9c6d that works out to be #18 .43 WSOFFAddOn.dll combined I've searched for "WSOFFAddOn.dll" and "Web Search Operator" with no luck in trying to identify a vendor or vendor site. All I found were malware bytes/other virus scanner logs where the file was removed or was quarantined. I think its unlikely that a vendor will turn up for this one. Some of the scanner logs make it look like its dropped into components directory, so I'm wondering why component blocking isn't having an impact in reducing on 3.6b5. maybe the registry entries are just misnamed.
Flags: wanted-firefox3.6?
|
|
||
Comment 8•15 years ago
|
||
the set of urls we are crashing on is pretty evil stuff. guessing we might be crashing on the malware popups that have evil content.
|
|
||
Comment 9•14 years ago
|
||
behind flash, and a couple of windows .dll's, crashes, WSOFFAddOn.dll ranks around #4-10 when looking at just the .dll crash signatures in 3.6. johnath, what do you think about blocking?
|
||
Comment 10•14 years ago
|
||
One of the extensions loading this file, that should be included in any blocklisting, is:
WSO Helper Class
4.1.0.2080
true
{E63605FC-D583-4C81-867F-9457BDB3EA1B}
A user on SUMO confirmed that disabling this stops the crash.
|
Assignee | |
Updated•13 years ago
|
Crash Signature: [@ WSOFFAddOn.dll@0x955d ]
[@ WSOFFAddOn.dll@0xc4bc ]
|
||
Comment 11•13 years ago
|
||
There have been no crashes with signatures containing wsoffaddon in versions above 4.0 for the last four weeks. I close it as WFM.
Status: NEW → RESOLVED
Crash Signature: [@ WSOFFAddOn.dll@0x955d ]
[@ WSOFFAddOn.dll@0xc4bc ] → [@ WSOFFAddOn.dll@0x955d ]
[@ WSOFFAddOn.dll@0xc4bc ]
Closed: 13 years ago
Resolution: --- → WORKSFORME
|
|
Assignee | |
Updated•8 years ago
|
Product: addons.mozilla.org → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•