Closed Bug 688637 Opened 8 years ago Closed 3 years ago

crash nsXBLProtoImplField::InstallField (McAfee Script Scan)

Categories

(Firefox :: General, defect, critical)

8 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: marcia, Unassigned)

References

Details

(Keywords: crash, reproducible)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-e9c758c5-f7f8-4599-b480-eb1fb2110922 .
============================================================= 

Seen across Aurora, Firefox 7 betas and Firefox 6.x and culled from the explosive report for Firefox 7. https://crash-stats.mozilla.com/report/list?signature=nsXBLProtoImplField%3A%3AInstallField%28nsIScriptContext*%2C%20JSObject*%2C%20nsIPrincipal*%2C%20nsIURI*%2C%20int*%29

High correlation to McAfee Script Scan and Site Advisor

99% (430/435) vs.   2% (2628/116041) {D19CA586-DD6C-4a0a-96F8-14644F340D60}
59% (256/435) vs.   4% (4235/116041) {4ED1F68A-5463-4931-9384-8FFF5ED91D92

Frame 	Module 	Signature [Expand] 	Source
0 		@0x6c602689 	
1 	xul.dll 	nsXBLProtoImplField::InstallField 	content/xbl/src/nsXBLProtoImplField.cpp:144
2 	xul.dll 	NS_IsMainThread_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:138
3 	xul.dll 	XBLResolve 	content/xbl/src/nsXBLBinding.cpp:202


Adding Kev for the McAfee contact.
System Requirements from the McAfee site:

    Mac OS X Leopard and above
    Intel CPU
    Firefox 3 and above

They probably need to be a tad more specific about which Firefox versions are supported.
BL Candidate given the volume?
We had 1555 processed crashes on 6.* yesterday, with the 10% throttling rate, this means that roughly 15,000 crashes happened during a single day with this signature!

Something really needs to happen here, do we have any contact with them to get on this fast?
Bug 690184 filed for the blocklist.
Duplicate of this bug: 690139
[@ nsEventListenerManager::AddScriptEventListener(nsISupports*, nsIAtom*, nsAString_internal const&, unsigned int, int, int) ] is another signature showing up across all versions that is 99% correlated to Script Scan.
Crash Signature: [@ nsXBLProtoImplField::InstallField(nsIScriptContext*, JSObject*, nsIPrincipal*, nsIURI*, int*)] → [@ nsXBLProtoImplField::InstallField(nsIScriptContext*, JSObject*, nsIPrincipal*, nsIURI*, int*)] [@ nsEventListenerManager::AddScriptEventListener(nsISupports*, nsIAtom*, nsAString_internal const&, unsigned int, int, int) ]
Crash Signature: [@ nsXBLProtoImplField::InstallField(nsIScriptContext*, JSObject*, nsIPrincipal*, nsIURI*, int*)] [@ nsEventListenerManager::AddScriptEventListener(nsISupports*, nsIAtom*, nsAString_internal const&, unsigned int, int, int) ] → [@ nsXBLProtoImplField::InstallField(nsIScriptContext*, JSObject*, nsIPrincipal*, nsIURI*, int*)] [@ nsXBLPrototypeHandler::EnsureEventHandler(nsIScriptGlobalObject*, nsIScriptContext*, nsIAtom* nsScriptObjectHolder&) ] [@ nsEventListenerManager::AddScr…
21,387 crashes across all versions in the last week (I queried all 3 signatures) - seems as if the blocklist is having an effect.
I was able to reproduce the crash with the steps below. The crash is very reproducible with these steps for me.

Steps to reproduce:
1) Launch Firefox (I launched with a fresh profile)
2) Go to http://home.mcafee.com/store/free-antivirus-trials 
3) Download and install the McAfee Total Protection trial (needs some setting up including creating an account and system restart)
4) Restart Firefox and go to your add-ons
5) Make sure McAfee ScriptScan for Firefox 14.4.0 is installed and enabled
6) Go to http://www.ubuntu.com/download/ubuntu/download and download the iso file
7) Close FF (keep the download window/panel open)
8) Re-launch Firefox
9) Repeat steps 7 and 8 until a crash occurs
10) If the crash still does not occur, try downloading other files and a combination of closing Firefox, the download window and re-lauching Firefox and opening the download window.

The crash seems to occur because of ScriptScan because I tried the same steps with ScriptScan and McAfee SiteAdvisor disabled and the crash did not happen. I then tried with only SiteAdvisor enabled and the crash still did not happen. I then tried with only ScripScan enabled and the crash happened again. 

I'm using Windows 7 and Firefox 6.0 b5.

The crash dump can be found here (I have 4 more dumps if needed): https://crash-stats.mozilla.com/report/index/bp-251395b2-d8a0-41ab-b168-cc7ca2111006
Depends on: 690184
949 crashes in all versions across the 3 signatures. So it seems the situation is much better than the numbers we were seeing in Comment 8.
Please note that an update of McAfee Scriptscan has since been released, which may, in addition to adding the previous version to the BL, explain the reduction in the number of crashes.
McAfee VirusScan Enterprise 8.8 Patch 1 has a version error in the rdf file for ScriptScan, see bug 690184 comment #12, so the blocklist does not work anymore. However, after enabling sciptscan manually (by setting the version to 14.4.1 in install.rdf), I could not reproduce the crash by following the steps in comment #10.

I am using Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0 ID:20111104165243 and Scriptff.dll 14.4.0.375.
Crash Signature: , nsScriptObjectHolder&) ] [@ nsEventListenerManager::AddScriptEventListener(nsISupports*, nsIAtom*, nsAString_internal const&, unsigned int, int, int) ] → , nsScriptObjectHolder&) ] [@ nsEventListenerManager::AddScriptEventListener(nsISupports*, nsIAtom*, nsAString_internal const&, unsigned int, int, int) ] [@ nsXBLProtoImplField::InstallField] [@ nsXBLPrototypeHandler::EnsureEventHandler ] [@ nsEventLi…
Of the 3 signatures, nsXBLProtoImplField::InstallField has the most at 3 crashes at a mere 9 crashes for the past week. spike is certainly gone.

https://crash-stats.mozilla.com/signature/?signature=nsXBLProtoImplField%3A%3AInstallField&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&page=1#reports
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.