Bug 690184 - Blocklist McAfee ScriptScan for Firefox and McAfee SiteAdvisor due to explosive crashes
Status: RESOLVED FIXED
[extension][softblock][3rd-party-bust...
Product: Toolkit
Classification: Components
Component: Blocklisting
Version: unspecified
Platform: x86 Windows 7
Importance: -- critical
Assigned To: Justin Scott [:fligtar]
https://addons.mozilla.org/en-US/fire...
Depends on:
Blocks: 688637 691221
Reported: 2011-09-28 17:42 PDT by Marcia Knous [:marcia - use ni]
Modified: 2016-03-07 15:30 PST

Description Marcia Knous [:marcia - use ni] 2011-09-28 17:42:44 PDT
Bug 690139 - 3432 crashes in the last week.
Bug 688637 - 6691 crashes in the last week

Both crashes are highly correlated to:

99% (430/435) vs.   2% (2628/116041) {D19CA586-DD6C-4a0a-96F8-14644F340D60}
59% (256/435) vs.   4% (4235/116041) {4ED1F68A-5463-4931-9384-8FFF5ED91D92}

and are hitting 6.0.2 and 7 users.

KaiRo makes a good point in Bug 688637 Comment 3.
Comment 1 Robert Kaiser 2011-09-28 17:46:54 PDT
Umm, we should give an explicit version range for both the add-ons and the product versions on which to block them. As this is not a malicious thing by itself, I think we should softblock (i.e. allow users to enable again) and only block the actual range of versions that cause problems.
Comment 2 Marcia Knous [:marcia - use ni] 2011-09-28 18:07:14 PDT
Yes, working on getting that now.

(In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1)
> Umm, we should give an explicit version range for both the add-ons and the
> product versions on which to block them. As this is not a malicious thing by
> itself, I think we should softblock (i.e. allow users to enable again) and
> only block the actual range of versions that cause problems.
Comment 3 Marcia Knous [:marcia - use ni] 2011-09-28 18:20:03 PDT
Just for historical purposes, last time we blocked Site Advisor we did it as a hardblock. See Bug 660111.
Comment 4 Marcia Knous [:marcia - use ni] 2011-09-28 19:24:26 PDT
McAfee SiteAdvisor
Extension ID: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
Extension Version: <= 3.4.0
Firefox Version: >= 

McAfee Script Scan
Extension ID: {D19CA586-DD6C-4a0a-96F8-14644F340D60}
Extension Version: <= 14.4.0
Firefox Version: >= 

Regarding Firefox versions, these crashes happen across most major versions - I can roll up a list of all versions, unless we just want to block the highest volume versions.

https://community.mcafee.com/message/207139 has some screenshots of the extensions in action.
Comment 5 Robert Kaiser 2011-09-29 09:35:57 PDT
Across all Firefox versions should be OK if we have a max version of the add-on that's blocked, so they can release a fixed version easily.
Comment 6 Marcia Knous [:marcia - use ni] 2011-09-29 13:44:11 PDT
I have installed the combination of Site Advisor and Script Scan (Total Protection Package) in the QA lab but have not yet been able to reproduce the crash. 

McAfee is aware of the issue and we are working on refining the block criteria.
Comment 7 Justin Scott [:fligtar] 2011-09-30 13:41:07 PDT
I've staged the block and it's ready for testing: https://wiki.mozilla.org/Blocklisting/Testing

https://addons-dev.allizom.org/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/7.0/Firefox/20101228030339/Darwin_x86_64-gcc3-u-i386-x86_64/en-US/nightly/Darwin%2010.6.0/default/default/10/

<emItem  blockID="i48" id="{D19CA586-DD6C-4a0a-96F8-14644F340D60}">
    <versionRange  minVersion="0.1" maxVersion="14.4.0" severity="1"></versionRange>
</emItem>
Comment 8 Marcia Knous [:marcia - use ni] 2011-09-30 15:06:44 PDT
Looks good. I tested using the following versions on XP:

Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0

Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0

Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

I also tested three different versions on a Windows 7 x64 machine and the blocklist was fine.
Comment 9 Marcia Knous [:marcia - use ni] 2011-09-30 15:18:36 PDT
For the sake of completeness, here are the 3 Win 7 versions:

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2) Gecko/20110930 Firefox/9.0a2

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
Comment 10 Justin Scott [:fligtar] 2011-10-03 00:06:16 PDT
Thanks Marcia. I'll block this tomorrow morning in production (I try not to block on weekends when I may not be around to deal with any issues).
Comment 11 Justin Scott [:fligtar] 2011-10-03 09:39:58 PDT
Blocked in prod: https://addons.mozilla.org/en-US/firefox/blocked/i42
Comment 12 Anton van Bohemen 2011-11-28 04:58:03 PST
It looks like McAfee made a mistake with VirusScan Enterprise 8.8 Patch 1; their install.rdf for ScriptScan now contains:

    <em:id>{D19CA586-DD6C-4a0a-96F8-14644F340D60}</em:id>
    <em:type>2</em:type>
    <em:name>IDS_SS_NAME</em:name>
    <em:version>IDS_SS_VERSION</em:version>
    <em:creator>McAfee, Inc.</em:creator>

Which means, no version info. The Scriptff.dll file now has version 14.4.0.354 (or 14.4.0.375 if you have installed Hotfix 625756 - https://kc.mcafee.com/corporate/index?page=content&id=KB71083)

Is the blocklist looking at the install.rdf version or the dll version? Does the 8.8P1 version still cause crashes? More important, should this bug be reopened?
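
Added example (not part of the bug thread and not Firefox's code): a simplified JavaScript model of toolkit version comparison, applied to the versionRange staged in comment 7 and to the version strings quoted in comments 4 and 12. The comparator is rewritten here from the documented toolkit version format and is an assumption, not the blocklist service's implementation; `STAGED` and `inBlockRange` are names invented for this example.

```javascript
// Simplified model of Mozilla's toolkit version format (assumption, not Firefox source).
// Each dot-separated part is <number-a><string-b><number-c><string-d>.
function parsePart(part) {
  if (part === "*") return { a: 2 ** 31 - 1, b: null, c: 0, d: null };
  const m = /^(-?\d+)?(.*)$/s.exec(part);
  const a = m[1] ? parseInt(m[1], 10) : 0;   // absent number counts as 0
  const rest = m[2];
  if (rest === "") return { a, b: null, c: 0, d: null };
  if (rest[0] === "+") return { a: a + 1, b: "pre", c: 0, d: null }; // "1+" == "2pre"
  const i = rest.search(/[0-9+-]/);
  if (i < 0) return { a, b: rest, c: 0, d: null };
  const n = /^([+-]?\d+)?(.*)$/s.exec(rest.slice(i));
  return { a, b: rest.slice(0, i) || null,
           c: n[1] ? parseInt(n[1], 10) : 0, d: n[2] || null };
}

// A missing string sorts AFTER any present string, so "1.0" > "1.0a".
function cmpStr(x, y) {
  if (x === null) return y === null ? 0 : 1;
  if (y === null) return -1;
  return x < y ? -1 : x > y ? 1 : 0;
}

// Returns -1, 0 or 1; missing trailing parts are treated as 0 ("1" == "1.0").
function compareVersions(v1, v2) {
  const p1 = v1.split("."), p2 = v2.split(".");
  for (let i = 0; i < Math.max(p1.length, p2.length); i++) {
    const x = parsePart(p1[i] ?? ""), y = parsePart(p2[i] ?? "");
    const r = Math.sign(x.a - y.a) || cmpStr(x.b, y.b) ||
              Math.sign(x.c - y.c) || cmpStr(x.d, y.d);
    if (r) return r;
  }
  return 0;
}

// Values copied from the emItem staged in comment 7.
const STAGED = { id: "{D19CA586-DD6C-4a0a-96F8-14644F340D60}",
                 minVersion: "0.1", maxVersion: "14.4.0", severity: 1 };

// True when the add-on id matches and minVersion <= version <= maxVersion.
function inBlockRange(entry, addon) {
  return addon.id === entry.id &&
    compareVersions(addon.version, entry.minVersion) >= 0 &&
    compareVersions(addon.version, entry.maxVersion) <= 0;
}

// Version strings that appear in this bug, checked against the staged range.
for (const version of ["14.4.0", "14.4.0.354", "IDS_SS_VERSION"]) {
  console.log(version, inBlockRange(STAGED, { id: STAGED.id, version }));
}
```

Under this model, neither the literal `IDS_SS_VERSION` placeholder nor the four-part DLL version falls inside the 0.1 to 14.4.0 range, so a range check on either string would not match the staged entry.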
