Last Comment Bug 603162 - Let's consider blocking flash.ocx (Flash ActiveX) or npmywebs.dll
: Let's consider blocking flash.ocx (Flash ActiveX) or npmywebs.dll
Status: RESOLVED WONTFIX
:
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: x86 Windows XP
: -- blocker (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
http://www.threatexpert.com/files/npm...
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-10-10 02:02 PDT by timeless
Modified: 2016-03-07 15:30 PST (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description timeless 2010-10-10 02:02:43 PDT
http://www.threatexpert.com/files/npmywebs.dll.html
> Across all ThreatExpert reports, the file "npmywebs.dll" has always been identified as a threat.
> File "npmywebs.dll" has the following statistics:
> Total number of reports analysed	611,932
> Number of cases that involved the file "npmywebs.dll"	135
> Number of incidents when this file was found to be a threat	135
> Statistical volume of cases when "npmywebs.dll" was a threat	100%

That's pretty bad :)

Signature	flash.ocx@32daa
UUID	3d948b96-8e93-4a7e-915f-ef2912100915
Process Type	
Time 	2010-09-15 19:09:11.796766
Uptime	199
Install Age	396 seconds (6.6 minutes) since version was first installed.
Product	Firefox
Version	3.6.10
Build ID	20100914125854
Branch	1.9.2
OS	Windows NT
OS Version	5.1.2600 Service Pack 2
CPU	x86
CPU Info	GenuineIntel family 6 model 8 stepping 1
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	13e468
User Comments	
Processor Notes 	
No module was identified as Flash
EMCheckCompatibility	True
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	flash.ocx 	flash.ocx@32daa 	
1 	flash.ocx 	flash.ocx@34b72 	
2 	flash.ocx 	flash.ocx@36341 	
3 	flash.ocx 	flash.ocx@3639e 	
4 	flash.ocx 	flash.ocx@3639e 	
5 	flash.ocx 	flash.ocx@360dd 	
6 	flash.ocx 	flash.ocx@36383 	
7 	flash.ocx 	flash.ocx@3639e 	
8 	flash.ocx 	flash.ocx@29b20 	
9 	flash.ocx 	flash.ocx@69baa 	
10 	flash.ocx 	flash.ocx@6c0f8 	
11 	flash.ocx 	flash.ocx@5f2a1 	
12 	flash.ocx 	flash.ocx@5f1f5 	
13 	mshtml.dll 	mshtml.dll@1f2d42 	
14 	mshtml.dll 	mshtml.dll@aecaa 	
15 	mshtml.dll 	mshtml.dll@ac5fe 	
16 	mshtml.dll 	mshtml.dll@ad311 	
17 	mshtml.dll 	mshtml.dll@ad245 	
18 	mshtml.dll 	mshtml.dll@aca69 	
19 	mshtml.dll 	mshtml.dll@ad311 	
20 	mshtml.dll 	mshtml.dll@ad245 	
21 	mshtml.dll 	mshtml.dll@aca69 	
22 	mshtml.dll 	mshtml.dll@ad311 	
23 	mshtml.dll 	mshtml.dll@ad245 	
24 	mshtml.dll 	mshtml.dll@aca69 	
25 	mshtml.dll 	mshtml.dll@ad311 	
26 	mshtml.dll 	mshtml.dll@ad245 	
27 	mshtml.dll 	mshtml.dll@aca69 	
28 	mshtml.dll 	mshtml.dll@ad311 	
29 	mshtml.dll 	mshtml.dll@bc77f 	
30 	mshtml.dll 	mshtml.dll@123566 	
31 	mshtml.dll 	mshtml.dll@adcdc 	
32 	mshtml.dll 	mshtml.dll@10132b 	
33 	mshtml.dll 	mshtml.dll@82921 	
34 	mshtml.dll 	mshtml.dll@8289e 	
35 	mshtml.dll 	mshtml.dll@6865a 	
36 	user32.dll 	InternalCallWinProc 	
37 	user32.dll 	UserCallWinProcCheckWow 	
38 	user32.dll 	DispatchClientMessage 	
39 	user32.dll 	__fnDWORD 	
40 	ntdll.dll 	KiUserCallbackDispatcher 	
41 	mshtml.dll 	mshtml.dll@685e4 	
42 	user32.dll 	DispatchMessageW 	
43 	xul.dll 	nsAppShell::ProcessNextNativeEvent 	widget/src/windows/nsAppShell.cpp:179
44 	nspr4.dll 	PR_IntervalNow 	nsprpub/pr/src/misc/prinrval.c:77
45 	xul.dll 	nsBaseAppShell::OnProcessNextEvent 	widget/src/xpwidgets/nsBaseAppShell.cpp:311
46 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:508
47 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:142
48 	xul.dll 	xul.dll@9604c7 	
49 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:199
50 	mozcrt19.dll 	malloc 	obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:5790
51 	xul.dll 	xul.dll@2ef303 	
52 	xul.dll 	xul.dll@30ab2f 	
53 	firefox.exe 	firefox.exe@1b97 	
54 	kernel32.dll 	GetCodePageFileInfo 	
55 	kernel32.dll 	BaseProcessStart 	
56 	firefox.exe 	firefox.exe@183f 	

Filename 	Version 	Debug Identifier 	Debug Filename
M3HTML.DLL 	1.0.3.17 	46153F4D2 	m3Html.pdb
NPMYWEBS.DLL 	1.0.0.0 	4C75A6D41 	NPMyWebS.pdb
M3PLUGIN.DLL 	1.1.0.6 	4C75A6D81 	m3Plugin.pdb
MWSBAR.DLL 	2.3.70.1 	4C75A7013 	mwsBar.pdb
F3HTMLMU.DLL 	1.1.2.2 	49662BD78 	F3HTMLMU.pdb
MWSOESTB.DLL 	1.2.4.0 	4B2AF61A1 	mwsoestb.pdb
flash.ocx 	7.0.19.0 		

Note that I can't see any other way for flash.ocx to have ended up in our process. Maybe I missed something? I'm perfectly fine w/ blocking both files. If a vendor comes to us and explains *why* they want flash.ocx in our process, we can consider unblocking it. Until then I'd rather it not be allowed in.
Comment 1 Jorge Villalobos [:jorgev] 2013-06-14 10:25:07 PDT
Closing old blocklist bugs. Please reopen if the problem still exists.

Note You need to log in before you can comment on or make changes to this bug.