Closed Bug 615518 Opened 14 years ago Closed 14 years ago

Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ][@ rlxg.dll@0x9ef3 ][@ rlxg.dll@0x1167a ]

Categories

(Toolkit :: Blocklist Policy Requests, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED FIXED
Tracking Status
firefox5 + fixed
blocking2.0 --- -

People

(Reporter: scoobidiver, Assigned: fligtar)

Details

(Keywords: crash, topcrash, Whiteboard: [server side][hardblocker][noncode])

It is #44 top crasher in 4.0b7 for the last 2 weeks. RelevantKnowledge seems to be spyware. Maybe this DLL file/extension must be blocked.
Signature rlxg.dll@0x12da1
UUID f8b2368a-6a7e-439d-a6d8-9fc282101129
Time 2010-11-29 20:58:45.363214
Uptime 215909
Last Crash 495881 seconds (5.7 days) before submission
Install Age 997257 seconds (1.6 weeks) since version was first installed.
Product Firefox
Version 4.0b7
Build ID 20101104142426
Branch 2.0
OS Windows NT
OS Version 5.1.2600 Service Pack 3
CPU x86
CPU Info GenuineIntel family 6 model 9 stepping 5
Crash Reason Unhandled C++ Exception
Crash Address 0x7c812afb
App Notes AdapterVendorID: 8086, AdapterDeviceID: 3582
Frame Module Signature Source
0 kernel32.dll RaiseException
1 rlxg.dll rlxg.dll@0x12da1
2 rlxg.dll rlxg.dll@0x5e89
3 rlxg.dll rlxg.dll@0x5c95
4 rlxg.dll rlxg.dll@0x10fa8
5 rlxg.dll rlxg.dll@0x11464
6 rlxg.dll rlxg.dll@0x114be
7 xul.dll nsHttpChannel::OnStopRequest netwerk/protocol/http/nsHttpChannel.cpp:3959
8 xul.dll nsInputStreamPump::OnStateStop netwerk/base/src/nsInputStreamPump.cpp:578
9 xul.dll nsInputStreamPump::OnInputStreamReady netwerk/base/src/nsInputStreamPump.cpp:403
10 xul.dll nsInputStreamReadyEvent::Run xpcom/io/nsStreamUtils.cpp:112
11 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609
12 xul.dll nsThread::PutEvent xpcom/threads/nsThread.cpp:392
13 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250
14 xul.dll nsThread::Shutdown xpcom/threads/nsThread.cpp:491
15 mozcrt19.dll arena_dalloc obj-firefox/memory/jemalloc/crtsrc/jemalloc.c:4281
16 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
17 xul.dll nsProxyObjectCallInfo::Run xpcom/proxy/src/nsProxyEvent.cpp:181
18 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609
19 xul.dll nsThread::PutEvent xpcom/threads/nsThread.cpp:392
20 xul.dll NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:250
21 xul.dll nsThread::Shutdown xpcom/threads/nsThread.cpp:491
22 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:102
23 xul.dll nsProxyObjectCallInfo::Run xpcom/proxy/src/nsProxyEvent.cpp:181
24 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:609
25 nspr4.dll _MD_CURRENT_THREAD nsprpub/pr/src/threads/combined/prulock.c:404
26 nspr4.dll _MD_CURRENT_THREAD nsprpub/pr/src/threads/combined/prulock.c:404
27 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
28 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202
29 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176
30 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:181
31 xul.dll xul.dll@0xb0a483
32 xul.dll nsAppStartup::Run toolkit/components/startup/src/nsAppStartup.cpp:191
33 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3682
34 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:129
35 firefox.exe __tmainCRTStartup obj-firefox/memory/jemalloc/crtsrc/crtexe.c:591
36 kernel32.dll BaseProcessStart
More reports at: http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=rlxg.dll%400x12da1&version=Firefox%3A4.0b7
It is #21 top crasher in 4.0b8 for the last week.
blocking2.0: --- → ?
I think you're probably right considering it's widely considered spyware.
It is #17 top crasher in 4.0b9 for the last week. Here is more information on this spyware: http://www.spywareremove.com/removeRelevantKnowledge.html
Component: Networking → Blocklisting
Product: Core → addons.mozilla.org
QA Contact: networking → blocklisting
Summary: crash [@ rlxg.dll@0x12da1 ] with RelevantKnowledge extension → Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ]
Version: Trunk → unspecified
blocking2.0: ? → -
I believe the extension id is {6E19037A-12E3-4295-8915-ED48BC341614}. Unclear if we should just block the rlxg.dll. We're also seeing this on branch.
Here are 4.0b11 add-on & module correlations:
rlxg.dll@0x12da1|Unhandled C++ Exception (142 crashes)
100% (142/142) vs. 1% (251/38786) rlxg.dll (1.3.328.4)
99% (141/142) vs. 1% (407/38786) {6E19037A-12E3-4295-8915-ED48BC341614} (*xg.dll (RelevantKnowledge), http://www.relevantknowledge.com/) (1.3.328.4)
The crash report without the extension is probably due to a bug in Socorro or Breakpad where sometimes extensions are missing in crash reports. It is #18 top crasher in 4.0b11 and #46 top crasher in 3.6.13.
Depends on: 523784
Summary: Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ] → Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ][@ rlxg.dll@0x9ef3 ]
With combined signatures, it is #9 top crasher in 4.0b11 and #40 in 3.6.13.
blocking2.0: - → ?
Keywords: topcrash
Assignee: nobody → fligtar
blocking2.0: ? → final+
Whiteboard: [blocklist range needed][server side]
We've been in touch with Comscore before about crashes caused by their extension (see bug 521745), Damon has contact info iirc.
Whiteboard: [blocklist range needed][server side] → [blocklist range needed][server side][hardblocker]
extension id: {6E19037A-12E3-4295-8915-ED48BC341614}
version: 1.3.328.4 and lower
Firefox versions: all
Blocked on staging and ready for testing. https://wiki.mozilla.org/Blocklisting/Testing
    <emItem id="{6E19037A-12E3-4295-8915-ED48BC341614}">
      <versionRange minVersion="0.1" maxVersion="1.3.328.4" severity="1"/>
    </emItem>
Over to Kev for outreach.
Assignee: fligtar → kev
Whiteboard: [blocklist range needed][server side][hardblocker] → [server side][hardblocker][needs testing][needs outreach]
Whiteboard: [server side][hardblocker][needs testing][needs outreach] → [server side][hardblocker][needs testing][needs outreach][noncode]
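How the staged entry above (an emItem with a versionRange of 0.1 to 1.3.328.4 and severity 1) would be evaluated against an installed add-on, as an added Python example that is not code from this bug or from Firefox. The root element, the function names, the simplified numeric version comparison, and the `level=2` / `default_severity=3` client defaults are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

RK_ID = "{6E19037A-12E3-4295-8915-ED48BC341614}"

# Constructed sample: the <emItem> from the thread inside a made-up root element.
BLOCKLIST_XML = """
<blocklist>
  <emItems>
    <emItem id="{6E19037A-12E3-4295-8915-ED48BC341614}">
      <versionRange minVersion="0.1" maxVersion="1.3.328.4" severity="1"/>
    </emItem>
  </emItems>
</blocklist>
"""

NOT_BLOCKED, SOFT_BLOCKED, BLOCKED = "not blocked", "soft-blocked", "blocked"


def version_key(version, width=8):
    """Simplified key: numeric dotted parts only, missing parts count as 0.
    Not the full Mozilla comparator (no letters, '*' or 'pre' suffixes)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def block_state(xml_text, addon_id, addon_version, level=2, default_severity=3):
    """Evaluate one add-on against the blocklist.

    level and default_severity are assumptions about client defaults: a
    matching range with severity >= level is a hard block, otherwise soft."""
    installed = version_key(addon_version)
    for item in ET.fromstring(xml_text).iter("emItem"):
        if item.get("id") != addon_id:
            continue
        ranges = item.findall("versionRange")
        if not ranges:
            # Assumption: an entry without a range covers every version.
            return BLOCKED if default_severity >= level else SOFT_BLOCKED
        for vr in ranges:
            low, high = vr.get("minVersion"), vr.get("maxVersion")
            if low and installed < version_key(low):
                continue
            if high and installed > version_key(high):
                continue
            severity = int(vr.get("severity", default_severity))
            return BLOCKED if severity >= level else SOFT_BLOCKED
    return NOT_BLOCKED
```

Under these assumptions version 1.3.328.4 matches the range as a soft block, while a vendor update numbered 1.3.328.5 or higher falls outside it.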
I wouldn't hold the release for outreach here. Let's get the block in place and test it asap.
The block is already staged and ready for testing. We don't blocklist without telling the vendor about it first unless it's malware.
(In reply to comment #12)
> The block is already staged and ready for testing. We don't blocklist without
> telling the vendor about it first unless it's malware.
Well, technically, we have done this as there are a ton of addons without contact info, BUT to make people happy here, I just talked to Yvonne, a director at ComScore (See contact info in bug 525974). It's night there, but she's calling her head engineer to address the issue and promised to get back to us in this bug by tomorrow.
See also bug 521748.
I searched far and wide for all sorts of wares that could bundle this thing, but none of them had the extension we were looking for. If there's a way to build a dummy add-on that builds the blocklisting criteria in comment #10, let me know.
Try MediaCoder [1] or VideoInspector [2], maybe?
[1] http://www.mediacoderhq.com/
[2] http://www.kcsoftwares.com/index.php?vtb
I did, but those didn't seem to install the extension and/or dlls we are blocklisting. Instead, some of those bundles installed up to 5 extensions and all sorts of dlls were spawned after installing.
Assignee: kev → fligtar
Whiteboard: [server side][hardblocker][needs testing][needs outreach][noncode] → [server side][hardblocker][needs testing][noncode]
I got it through www.permissionresearch.com for bug 521748 iirc.
comScore has been informed of the issue and we are currently working to replicate the crash. We have two engineers and the QA team looking into the code. From the stack traces, we have some thoughts as to which module in the add-on might be the issue.
Thanks for the update, ybigbee. I'm going to go ahead with the block for Firefox 4 only and will wait to block in 3.6 and below for you to issue the updated version. Please keep us updated in this bug.
Whiteboard: [server side][hardblocker][needs testing][noncode] → [server side][hardblocker][noncode]
Blocks: 638234
Filed bug 638234 so we don't forget to block in 3.6 when the update is issued, and bug 638231 for the website update.
Depends on: 638231
(In reply to comment #18)
> I got it through www.permissionresearch.com for bug 521748 iirc.
This time I've tried installing all of the downloads listed, and now I can see a rlvknlg.exe running in the list of processes. The extension isn't shown in the list of add-ons. However, after flipping the prefs in order to test the blocklisting and restarting the browser, I now see an extension not previously shown "RelevantKnowledge 1.3.328.4 (disabled)." So the blocklist seems to be working. Once it's live on production, I'll check it again.
Blocked in production for Firefox 4.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Blocks: 638425
9 days after the blocking, crashes are still happening in 4.0 RC1: https://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=rlxg.dll%400x12da1 The extension blocklisting is not enough to prevent crashes. The DLL blocklisting should be used. See also bug 629634 where the extension blocklisting didn't prevent crashes.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Is it possible that the extension blocklist blocked some of the crashes but not all (e.g. ones that happen too early in startup for the extension blocklist to be effective)? bsmedberg was saying he doesn't see these signatures on the top crash list any more, which suggests that the DLL blocklist piece might not, on its own, be blocking.
blocking2.0: final+ → ?
In reply to comment 25
> Is it possible that the extension blocklist blocked some of the crashes but not
> all (e.g. ones that happen too early in startup for the extension blocklist to
> be effective)?
Indeed, in a steady state, with combined signatures, it is only #49 top crasher in 4.0b12 (#9 two weeks ago, see comment 7), so the current blocklist is partially effective. Remaining crashes don't occur at startup (uptime higher than 120 seconds except 2 crashes), so it is not caused by a blocklist delay. When an add-on is blocklisted, does it show up in the extension tab of crash reports? Is there a way to bypass the add-on blocklist (add-on compatibility reporter or preferences in about:config for instance)?
Summary: Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ][@ rlxg.dll@0x9ef3 ] → Blocklist RelevantKnowledge extension because of crashes [@ rlxg.dll@0x12da1 ][@ rlxg.dll@0x9ef3 ][@ rlxg.dll@0x1167a ]
Due to the current frequency, this no longer needs to block.
blocking2.0: ? → -
If this is on my system, how would I know? If it is on here, then I'd like to remove it. Thank you.
(In reply to comment #28)
> If this is on my system, how would I know. If it is on here, then I'd like
> to remove it.
If you crash with one of the crash signatures in the bug summary, then Relevant Knowledge is installed. Uninstall it like any Windows program. See http://www.ehow.com/how_5634500_remove-relevant-knowledge-spyware.html
Is this sufficiently blocklisted that we no longer need to track this for Firefox 5?
marcia and smooney to check volume in the latest beta and report back.
(In reply to comment #31)
> marcia and smooney to check volume in the latest beta and report back.
ping.
I received an email from bugzilla and have no idea why. Might you be so kind as to tell me what this is about as it has me concerned? Thank you, Lee Hollimon
(In reply to comment #33)
> I received an email from bugzilla and have no idea why. Might you be so kind
> as to tell me what this is about as it has me concerned?
> Thank you,
> Lee Hollimon
When you replied to this bug thread in comment 28, it added your email address to the CC list, so you would receive notifications of further replies/changes to the bug. To remove yourself, go to the bug and see top right of the screen where there is a CC list, choose edit->remove, select your email and press submit for the page.
So far I do not see these signatures showing up in Beta 3 data.
This is fixed. Yay!
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
Crash Signature: [@ rlxg.dll@0x12da1 ] [@ rlxg.dll@0x9ef3 ] [@ rlxg.dll@0x1167a ]
Product: addons.mozilla.org → Toolkit