Last Comment Bug 603162 - Let's consider blocking flash.ocx (Flash ActiveX) or npmywebs.dll
: Let's consider blocking flash.ocx (Flash ActiveX) or npmywebs.dll
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: x86 Windows XP
-- blocker (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
: Jorge Villalobos [:jorgev]
Depends on:
  Show dependency treegraph
Reported: 2010-10-10 02:02 PDT by timeless
Modified: 2016-03-07 15:30 PST (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Description User image timeless 2010-10-10 02:02:43 PDT
> Across all ThreatExpert reports, the file "npmywebs.dll" has always been identified as a threat.
> File "npmywebs.dll" has the following statistics:
> Total number of reports analysed	611,932
> Number of cases that involved the file "npmywebs.dll"	135
> Number of incidents when this file was found to be a threat	135
> Statistical volume of cases when "npmywebs.dll" was a threat	100%

That's pretty bad :)

Signature	flash.ocx@32daa
UUID	3d948b96-8e93-4a7e-915f-ef2912100915
Process Type	
Time 	2010-09-15 19:09:11.796766
Uptime	199
Install Age	396 seconds (6.6 minutes) since version was first installed.
Product	Firefox
Version	3.6.10
Build ID	20100914125854
Branch	1.9.2
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 6 model 8 stepping 1
Crash Address	13e468
User Comments	
Processor Notes 	
No module was identified as Flash
EMCheckCompatibility	True
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	flash.ocx 	flash.ocx@32daa 	
1 	flash.ocx 	flash.ocx@34b72 	
2 	flash.ocx 	flash.ocx@36341 	
3 	flash.ocx 	flash.ocx@3639e 	
4 	flash.ocx 	flash.ocx@3639e 	
5 	flash.ocx 	flash.ocx@360dd 	
6 	flash.ocx 	flash.ocx@36383 	
7 	flash.ocx 	flash.ocx@3639e 	
8 	flash.ocx 	flash.ocx@29b20 	
9 	flash.ocx 	flash.ocx@69baa 	
10 	flash.ocx 	flash.ocx@6c0f8 	
11 	flash.ocx 	flash.ocx@5f2a1 	
12 	flash.ocx 	flash.ocx@5f1f5 	
13 	mshtml.dll 	mshtml.dll@1f2d42 	
14 	mshtml.dll 	mshtml.dll@aecaa 	
15 	mshtml.dll 	mshtml.dll@ac5fe 	
16 	mshtml.dll 	mshtml.dll@ad311 	
17 	mshtml.dll 	mshtml.dll@ad245 	
18 	mshtml.dll 	mshtml.dll@aca69 	
19 	mshtml.dll 	mshtml.dll@ad311 	
20 	mshtml.dll 	mshtml.dll@ad245 	
21 	mshtml.dll 	mshtml.dll@aca69 	
22 	mshtml.dll 	mshtml.dll@ad311 	
23 	mshtml.dll 	mshtml.dll@ad245 	
24 	mshtml.dll 	mshtml.dll@aca69 	
25 	mshtml.dll 	mshtml.dll@ad311 	
26 	mshtml.dll 	mshtml.dll@ad245 	
27 	mshtml.dll 	mshtml.dll@aca69 	
28 	mshtml.dll 	mshtml.dll@ad311 	
29 	mshtml.dll 	mshtml.dll@bc77f 	
30 	mshtml.dll 	mshtml.dll@123566 	
31 	mshtml.dll 	mshtml.dll@adcdc 	
32 	mshtml.dll 	mshtml.dll@10132b 	
33 	mshtml.dll 	mshtml.dll@82921 	
34 	mshtml.dll 	mshtml.dll@8289e 	
35 	mshtml.dll 	mshtml.dll@6865a 	
36 	user32.dll 	InternalCallWinProc 	
37 	user32.dll 	UserCallWinProcCheckWow 	
38 	user32.dll 	DispatchClientMessage 	
39 	user32.dll 	__fnDWORD 	
40 	ntdll.dll 	KiUserCallbackDispatcher 	
41 	mshtml.dll 	mshtml.dll@685e4 	
42 	user32.dll 	DispatchMessageW 	
43 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/src/windows/nsAppShell.cpp:179
44 	nspr4.dll 	PR_IntervalNow 	nsprpub/pr/src/misc/prinrval.c:77
45 	xul.dll 	nsBaseAppShell::OnProcessNextEvent 	widget/src/xpwidgets/nsBaseAppShell.cpp:311
46 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:508
47 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:142
48 	xul.dll 	xul.dll@9604c7 	
49 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/
50 	mozcrt19.dll 	malloc 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:5790
51 	xul.dll 	xul.dll@2ef303 	
52 	xul.dll 	xul.dll@30ab2f 	
53 	firefox.exe 	firefox.exe@1b97 	
54 	kernel32.dll 	GetCodePageFileInfo 	
55 	kernel32.dll 	BaseProcessStart 	
56 	firefox.exe 	firefox.exe@183f 	

Filename 	Version 	Debug Identifier 	Debug Filename
M3HTML.DLL 	46153F4D2 	m3Html.pdb
M3PLUGIN.DLL 	4C75A6D81 	m3Plugin.pdb
MWSBAR.DLL 	4C75A7013 	mwsBar.pdb
MWSOESTB.DLL 	4B2AF61A1 	mwsoestb.pdb

Note that I can't see any other way for flash.ocx to have ended up in our process. Maybe I missed something? I'm perfectly fine w/ blocking both files. If a vendor comes to us and explains *why* they want flash.ocx in our process, we can consider unblocking it. Until then I'd rather it not be allowed in.
Comment 1 User image Jorge Villalobos [:jorgev] 2013-06-14 10:25:07 PDT
Closing old blocklist bugs. Please reopen if the problem still exists.

Note You need to log in before you can comment on or make changes to this bug.