Blocklist McAfee ScriptScan for Firefox and McAfee SiteAdvisor due to explosive crashes

RESOLVED FIXED

Status

Toolkit
Blocklisting
--
critical
RESOLVED FIXED
6 years ago
a year ago

People

(Reporter: marcia, Assigned: fligtar)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [extension][softblock][3rd-party-bustage], URL)

(Reporter)

Description

6 years ago
Bug 690139 - 3432 crashes in the last week.
Bug 688637 - 6691 crashes in the last week

Both crashes are highly correlated to:

99% (430/435) vs.   2% (2628/116041) {D19CA586-DD6C-4a0a-96F8-14644F340D60}
59% (256/435) vs.   4% (4235/116041) {4ED1F68A-5463-4931-9384-8FFF5ED91D92}

and are hitting 6.0.2 and 7 users.

KaiRo makes a good point in Bug 688637 Comment 3.

Comment 1

6 years ago
Umm, we should give an explicit version range for both the add-ons and the product versions on which to block them. As this is not a malicious thing by itself, I think we should softblock (i.e. allow users to enable again) and only block the actual range of versions that cause problems.
(Reporter)

Comment 2

6 years ago
Yes, working on getting that now.

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> Umm, we should give an explicit version range for both the add-ons and the
> product versions on which to block them. As this is not a malicious thing by
> itself, I think we should softblock (i.e. allow users to enable again) and
> only block the actual range of versions that cause problems.
(Reporter)

Comment 3

6 years ago
Just for historical purposes, last time we blocked Site Advisor we did it as a hardblock. See Bug 660111.
(Reporter)

Comment 4

6 years ago
McAfee SiteAdvisor
Extension ID: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
Extension Version: <= 3.4.0
Firefox Version: >= 

McAfee Script Scan
Extension ID: {D19CA586-DD6C-4a0a-96F8-14644F340D60}
Extension Version: <= 14.4.0
Firefox Version: >= 

Regarding Firefox versions, these crashes happen across most major versions - I can roll up a list of all versions, unless we just want to block the highest volume versions.

https://community.mcafee.com/message/207139 has some screenshots of the extensions in action.

Comment 5

6 years ago
Across all Firefox versions should be OK if we have a max version of the add-on that's blocked, so they can release a fixed version easily.
(Reporter)

Comment 6

6 years ago
I have installed the combination of Site Advisor and Script Scan (Total Protection Package) in the QA lab but have not yet been able to reproduce the crash. 

McAfee is aware of the issue and we are working on refining the block criteria.
(Assignee)

Comment 7

6 years ago
I've staged the block and it's ready for testing: https://wiki.mozilla.org/Blocklisting/Testing

https://addons-dev.allizom.org/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/7.0/Firefox/20101228030339/Darwin_x86_64-gcc3-u-i386-x86_64/en-US/nightly/Darwin%2010.6.0/default/default/10/

<emItem  blockID="i48" id="{D19CA586-DD6C-4a0a-96F8-14644F340D60}">
    <versionRange  minVersion="0.1" maxVersion="14.4.0" severity="1"></versionRange>
</emItem>
Assignee: nobody → fligtar
Whiteboard: [extension][softblock][needs testing]
(Reporter)

Comment 8

6 years ago
Looks good. I tested using the following versions on XP:

Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0

Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0

Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

I also tested three different versions on a Windows 7 x64 machine and the blocklist was fine.
(Reporter)

Comment 9

6 years ago
For the sake of completeness, here are the 3 Win 7 versions:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2) Gecko/20110930 Firefox/9.0a2

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
(Assignee)

Comment 10

6 years ago
Thanks Marcia. I'll block this tomorrow morning in production (I try not to block on weekends when I may not be around to deal with any issues).
Whiteboard: [extension][softblock][needs testing] → [extension][softblock]
Blocks: 691221
(Assignee)

Comment 11

6 years ago
Blocked in prod: https://addons.mozilla.org/en-US/firefox/blocked/i42
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

6 years ago
Blocks: 688637

Comment 12

6 years ago
It looks like McAfee made a mistake with VirusScan Enterprise 8.8 Patch 1; their install.rdf for ScriptScan now contains:

    <em:id>{D19CA586-DD6C-4a0a-96F8-14644F340D60}</em:id>
    <em:type>2</em:type>
    <em:name>IDS_SS_NAME</em:name>
    <em:version>IDS_SS_VERSION</em:version>
    <em:creator>McAfee, Inc.</em:creator>

Which means, no version info. The Scriptff.dll file now has version 14.4.0.354 (or 14.4.0.375 if you have installed Hotfix 625756 - https://kc.mcafee.com/corporate/index?page=content&id=KB71083)

Is the blocklist looking at the install.rdf version or the dll version? Does the 8.8P1 version still cause crashes? More important, should this bug be reopened?
Whiteboard: [extension][softblock] → [extension][softblock][3rd-party-bustage]
Product: addons.mozilla.org → Toolkit
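
Comment 12's question turns on how a versionRange is matched against whatever version string the add-on reports. The code below is an added example, not Firefox's blocklist code and not part of the original thread: it assumes a simplified toolkit-style version comparison (all function names are hypothetical) and checks the staged range from comment 7 against the version strings mentioned in the thread.

```javascript
// Added example: simplified model of toolkit-style version comparison.
// Assumption: each dot-separated part is <number><string><number><string>;
// a missing number counts as 0 and a missing string sorts above any present
// string (so "1.0pre" < "1.0"). "*" and "+" special cases are not modelled.
function parsePart(part) {
  const m = /^(-?\d+)?([^\d+-]*)(-?\d+)?(.*)$/.exec(part || "");
  return { numA: Number(m[1] || 0), strB: m[2], numC: Number(m[3] || 0), strD: m[4] };
}

function cmpStr(a, b) {
  if (a === b) return 0;
  if (a === "") return 1;   // no string part beats any string part
  if (b === "") return -1;
  return a < b ? -1 : 1;
}

function compareVersions(a, b) {
  const pa = String(a).split("."), pb = String(b).split(".");
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = parsePart(pa[i]), y = parsePart(pb[i]);
    const r = Math.sign(x.numA - y.numA) || cmpStr(x.strB, y.strB) ||
              Math.sign(x.numC - y.numC) || cmpStr(x.strD, y.strD);
    if (r) return r;
  }
  return 0;
}

// True when the add-on's reported version falls inside the entry's versionRange.
function inBlockedRange(entry, addon) {
  return addon.id === entry.id &&
    compareVersions(addon.version, entry.minVersion) >= 0 &&
    compareVersions(addon.version, entry.maxVersion) <= 0;
}

// Values copied from the staged <emItem> in comment 7.
const entry = { id: "{D19CA586-DD6C-4a0a-96F8-14644F340D60}",
                minVersion: "0.1", maxVersion: "14.4.0" };

// Versions mentioned in the thread, plus one constructed in-range value ("14.3.1").
function demo() {
  return ["14.3.1", "14.4.0", "14.4.0.354", "IDS_SS_VERSION"].map(
    v => [v, inBlockedRange(entry, { id: entry.id, version: v })]);
}
console.log(demo());
```

Under this model both the literal placeholder `IDS_SS_VERSION` and a four-part version such as `14.4.0.354` fall outside `minVersion="0.1"` to `maxVersion="14.4.0"`, so only installs reporting a version inside the range match the entry.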