Closed Bug 704125 Opened 8 years ago Closed 4 years ago

Firefox crash in gbmzh_bb.dll (Banco do Brasil)

Categories

(Firefox :: Extension Compatibility, defect, critical)

19 Branch
x86
Windows 7
defect
Not set
critical

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox12 --- affected
firefox13 + affected
firefox19 --- affected

People

(Reporter: kairo, Unassigned)

References

Details

(Keywords: crash, Whiteboard: [startupcrash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-24285e75-fd35-4b2b-bcc0-799fd2111121 .
============================================================= 

Correlations for Firefox 7.0.1 Windows NT:

Modules:
100% (2768/2768) vs.   6% (3083/50330) gbmzh_bb.dll

According to web sources, this is:
Product: 	GBBD Banco do Brasil
Company: 	GAS Tecnologia
Description: 	Interceptador de eventos


Add-ons:
99% (2748/2768) vs.   7% (3358/50330) {87F8774F-B485-47E2-A755-A40A8A5E886C}

This seems to be "Módulo de Segurança - Banco do Brasil"


This seems related to bug 644850 from the summary, but this is a new crash for those people still left on Firefox 7.0.1, it started on Friday, 2011-11-18 and two days later, i.e. yesterday, it reached topcrash #3 on 7 with 1147 crashes per million ADU (2945 crashes processed, i.e. ~30,000 crashes reported).
I wonder if we need to contact the producers of this one or if we just hope that it goes away with sending those people an update to 8.0.1 in the next days.
it's now topcrash #2 on 7, only surpassed by that crasher from the Windows System Restore stuff.
I heard from GAS Tecnologia that they solved this on our side, but this seems to be up again on 7.0.1 for the users remaining on that version.
This now is rising with gbmzh_bb.dll@0x11270 on Firefox 8 and gbmzh_bb.dll@0x11247 on Firefox 9.
Crash Signature: [@ gbmzh_bb.dll@0x1142c] → [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247]
Whiteboard: [explosive]
It seems correlated to the latest version (2.10.0.5.90) in 9.0.1:
  gbmzh_bb.dll@0x11247|EXCEPTION_ACCESS_VIOLATION_READ (8362 crashes)
     91% (7569/8362) vs.   7% (8616/126833) {87F8774F-B485-47E2-A755-A40A8A5E886C}
          0% (8/8362) vs.   0% (9/126833) 2.6.3.2
          0% (5/8362) vs.   0% (5/126833) 2.8.0.2.40
          0% (2/8362) vs.   0% (4/126833) 2.8.0.2.50
          0% (7/8362) vs.   0% (9/126833) 2.8.0.2.60
          0% (9/8362) vs.   0% (9/126833) 2.8.0.2.70
          1% (122/8362) vs.   0% (154/126833) 2.8.0.2.80
          0% (40/8362) vs.   0% (48/126833) 2.10.0.5.80
         88% (7376/8362) vs.   7% (8378/126833) 2.10.0.5.90
  gbmzh_bb.dll@0x38cf8|EXCEPTION_ACCESS_VIOLATION_EXEC (72 crashes)
     92% (66/72) vs.   7% (8616/126833) {87F8774F-B485-47E2-A755-A40A8A5E886C}
          1% (1/72) vs.   0% (4/126833) 2.8.0.2.50
         90% (65/72) vs.   7% (8378/126833) 2.10.0.5.90
  gbmzh_bb.dll@0x38cf8|EXCEPTION_ACCESS_VIOLATION_READ (16 crashes)
     81% (13/16) vs.   7% (8616/126833) {87F8774F-B485-47E2-A755-A40A8A5E886C}
          6% (1/16) vs.   0% (48/126833) 2.10.0.5.80
         75% (12/16) vs.   7% (8378/126833) 2.10.0.5.90
  gbmzh_bb.dll@0x13fece|Unhandled C++ Exception (12 crashes)
     42% (5/12) vs.   7% (8616/126833) {87F8774F-B485-47E2-A755-A40A8A5E886C}
         42% (5/12) vs.   7% (8378/126833) 2.10.0.5.90
Keywords: topcrash
Showing up again in the explosive report for Firefox 9: https://crash-analysis.mozilla.com/rkaiser/2012-01-19/2012-01-19.firefox.9.explosiveness.html. Let's see if we can get someone from the Brazilian community to help out here.
Adding Felipe in case he is familiar with this bank.
Banco do Brasil is the most popular bank in Brazil. They have an add-on with this binary component that is required to login to the online banking system if using Windows (on Mac they use a Java keyboard).
I'll investigate if they deployed a recent update.

I believe Chofmann has contacts there
The last update on their add-on is from Jan 10, 2012
Actually, there was an update in Jan 18, version 2.10.0.5.90.  Do we have add-on version data on this crash?

I logged in on their website using this version of the add-on and I didn't get a crash. The machine is running Win7 SP1 64bit.

I believe the add-on is used as a security feature during the login process on their website. However, none of the comments in the report https://crash-stats.mozilla.com/report/index/24285e75-fd35-4b2b-bcc0-799fd2111121 mention using the bank website, they just mention normal web browsing and then sudden crash. One mentions downloading a large file. I tried a 15mb download that completed successfully.
Crash Signature: [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] → [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6]
I can easily reproduce the blank tab and the crash on my mother's computer while using Yahoo mail with this add-on installed. Will try on a debug build to see if I can get more useful info.

This report was generated by me: https://crash-stats.mozilla.com/report/index/bp-9c8dc1d6-2058-4173-9d5d-094f02120121

Interestingly I could only reproduce the blank tab at first, and the crash began after I disabled and re-enabled the add-on. But this looks like just a coincidence.
Comment 5 has some addon correlation.

(In reply to Felipe Gomes (:felipe) from comment #10)
> Actually, there was an update in Jan 18, version 2.10.0.5.90.  Do we have
> add-on version data on this crash?
>
I have just contacted the tech-support to complain as a client of the bank. I should have more information on that next Tuesday.
Sergio told me that he successfully contacted the company that develops this add-on, and that they said they are aware of the bug and will release an update in a few days.
Thanks so much Sergio and Felipe for your efforts related to getting this issue addressed. Sergio - please send me your tshirt size info and mailing address and I will send a tshirt to you.
Actually we are not there yet. Looks like they checked the title of the bug and said that this bug only affects an old version of Firefox. I'm trying to get in touch again to explain that's not true. 

Is it possible to update the title?

Marcia, thanks for the t-shirt but let's make sure they will get it fixed before anything ;)
Summary: Firefox 7 crash in gbmzh_bb.dll (Banco do Brasil?) → Firefox crash in gbmzh_bb.dll (Banco do Brasil)
I've just spoke with Rafael Leandro from GAS Tecnologia and he informed me that they released a fix today at 2:00 PM (BRST).

I also invited him to join our conversation here.
New crash report from my brother's computer: https://crash-stats.mozilla.com/report/index/bp-b16c93b6-a0e3-4667-98f4-964c92120124

It looks like the fix is not out there yet...
I am having a hard time reproducing the crash at the moment, however I don't think the add-on updated itself, and by looking at their update.rdf (https://www14.bancobrasil.com.br/update/update.rdf) they're still publishing the same add-on version. I wonder if they could have pushed this fix remotely.
The crash stats from yesterday still shows plenty of crashes, so I'll be paying close attention on what the numbers from today's data will look like
There was a drop from 12k crashes on Jan 24 to 3.5k on Jan 25
I don't see any of these crashes on 10.0 or 10.0.1. I am going to take it off the top crash list at this point but will leave the bug open. Felipe, are we sure they didn't fix anything?
Keywords: topcrash
Sheila, I think they did fix it. it was just by some other means rather than add-on update.. maybe it's from some resource they get from their website.
I've been following the crash stats for this too and I haven't seem any more crashes in the past few weeks, so I believe we can close the bug and reopen if necessary.
(fwiw they haven't published a version compatible with firefox 10 yet)
Seems we have another spike in 12 in this signature: https://crash-analysis.mozilla.com/rkaiser/2012-05-08/2012-05-08.firefox.12.explosiveness.html

https://crash-stats.mozilla.com/report/list?signature=gbmzh_bb.dll@0x1d212

gbmzh_bb.dll@0x1d212|EXCEPTION_ACCESS_VIOLATION_READ (59 crashes)
     53% (31/59) vs.   0% (456/128988) {87F8774F-B485-47E2-A755-A40A8A5E886C}
     14% (8/59) vs.   1% (1768/128988) {1018e4d6-728f-4b20-ad56-37578a4de76b} (Flagfox, https://addons.mozilla.org/addon/5791)
      8% (5/59) vs.   0% (354/128988) {87F8774F-B485-47E2-A755-A40A8A5E886D}
      7% (4/59) vs.   0% (17/128988) {338e0b96-2285-4424-b4c8-e25560750fa3} (Locale Switcher, https://addons.mozilla.org/addon/356)
      7% (4/59) vs.   0% (24/128988) langpack-pt-BR@firefox.mozilla.org (pt-BR Language Pack, https://addons.mozilla.org/addon/4851)
      7% (4/59) vs.   0% (45/128988) pt-BR@dellalibera.sf.net
      7% (4/59) vs.   0% (75/128988) pt-BR@dictionaries.addons.mozilla.org (Dictionary/Dicionário pt-BR, https://addons.mozilla.org/addon/3257)
      7% (4/59) vs.   0% (205/128988) {4BBDD651-70CF-4821-84F8-2B918CF89CA3} (FEBE, https://addons.mozilla.org/addon/2109)
      7% (4/59) vs.   0% (241/128988) {87F8774F-B485-47E2-A755-A40A8A5E8874}
      7% (4/59) vs.   0% (317/128988) {097d3191-e6fa-4728-9826-b533d755359d} (All-in-One Sidebar, https://addons.mozilla.org/addon/1027)
      7% (4/59) vs.   0% (355/128988) ietab@ip.cn (Coral IE Tab, https://addons.mozilla.org/addon/10909)
      8% (5/59) vs.   2% (2800/128988) firebug@software.joehewitt.com (Firebug, https://addons.mozilla.org/addon/1843)
      8% (5/59) vs.   2% (3138/128988) {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
      7% (4/59) vs.   1% (1103/128988) {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
      7% (4/59) vs.   1% (1666/128988) {ABDE892B-13A8-4d1b-88E6-365A6E755758}
The correlation per module version is:
    100% (59/59) vs.   0% (457/128988) gbmzh_bb.dll (2.12.0.14)
Whiteboard: [explosive] → [explosive][startupcrash]
Felipe has reached out to a contact at Banco do Brasil. If we don't hear back, we should try to find STR internally (please add qawanted at that time).
No reply in the bug yet from Felipe so adding qawanted - please do your best to see if we can get STR.
Keywords: qawanted
I did get an e-mail from them saying that they would look into it, but no follow ups yet. How are the numbers for this crash looking like? I did try to reproduce with the correct add-on version but I did not get any crashes.
Same here. Last time it happened it was very simple to reproduce and this time I couldn't do it so far.
(In reply to Felipe Gomes (:felipe) from comment #28)
> How are the numbers for this crash looking like?
There are about 1,000 crashes in 12.0 almost all on startup.
Crash Signature: [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] → [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] [@ gbmzh_bb.dll@0x1153e] [@ gbmzh_bb.dll@0x1d212] [@ gbmzh_bb.dll@0x185a26] [@ gbmzh_bb.dll@0x185a31]
(In reply to Lukas Blakk [:lsblakk] from comment #27)
> No reply in the bug yet from Felipe so adding qawanted - please do your best
> to see if we can get STR.

I've been unable to reproduce this by simply going to their website. There's not much else QA can do without accounts at BoB. Maybe we can broadcast this out to the Nightly Testers list or get the pt-BR localization community involved here.
Keywords: qawanted
Anthony try accessing this page: https://www2.bancobrasil.com.br/aapf/login.jsp
There is here the plugin should get installed. 

Some of the key members of the Brazilian community are in the CC list of this bug but I'll write to the whole community asking for their help anyway.
There should be a link to the add-on there, and I can provide the add-on to be installed as well. Since it is a startup crash presumably it doesn't involve accessing their website or requiring an account there.
Going to the URL in comment 32 just displays "Aguarde, iniciando o acesso..." in the browser; no add-ons or plug-ins are installed.
(In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #34)
> Going to the URL in comment 32 just displays "Aguarde, iniciando o
> acesso..." in the browser; no add-ons or plug-ins are installed.

If you have Java installed after that you should the the applet popup coming asking for permission to run then the extension should be installed.

I've just installed Win7 x86 in a virtual machine to test and for my surprise the website didn't install or required me to have any extension (besides Java) to access my account. 

I'm trying to get more feedback from the Brazilian community but so far nobody there was able to reproduce the bug.
(In reply to Sergio Oliveira Campos from comment #35)
> (In reply to Anthony Hughes, Mozilla QA (irc: ashughes) from comment #34)
> > Going to the URL in comment 32 just displays "Aguarde, iniciando o
> > acesso..." in the browser; no add-ons or plug-ins are installed.
> 
> If you have Java installed after that you should the the applet popup coming
> asking for permission to run then the extension should be installed.

I have Java SE 1.6u32 installed on Win7 64-bit and all I get is that message...
Crash Signature: [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] [@ gbmzh_bb.dll@0x1153e] [@ gbmzh_bb.dll@0x1d212] [@ gbmzh_bb.dll@0x185a26] [@ gbmzh_bb.dll@0x185a31] → [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] [@ gbmzh_bb.dll@0x1153e] [@ gbmzh_bb.dll@0x1d212] [@ gbmzh_bb.dll@0x1d101] [@ gbmzh_bb.dll@0x185a26] [@ gbmzh_bb.dll@0x185a31]
It still happen with the latest version but at a low volume.

Here are correlations in 19.0.2:
  gbmzh_bb.dll@0x185a26|EXCEPTION_ACCESS_VIOLATION_WRITE (26 crashes)
    100% (26/26) vs.   0% (433/139851) gbmzh_bb.dll (2.12.2.45)
  gbmzh_bb.dll@0x10857|EXCEPTION_ACCESS_VIOLATION_READ (15 crashes)
    100% (15/15) vs.   0% (433/139851) gbmzh_bb.dll (2.12.2.45)
  gbmzh_bb.dll@0x185a31|EXCEPTION_ACCESS_VIOLATION_WRITE (14 crashes)
    100% (14/14) vs.   0% (433/139851) gbmzh_bb.dll (2.12.2.45)

More reports at:
https://crash-stats.mozilla.com/query/query?product=Firefox&query_search=signature&query_type=startswith&query=gbmzh_bb.dll%400x1&do_query=1
Crash Signature: [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] [@ gbmzh_bb.dll@0x1153e] [@ gbmzh_bb.dll@0x1d212] [@ gbmzh_bb.dll@0x1d101] [@ gbmzh_bb.dll@0x185a26] [@ gbmzh_bb.dll@0x185a31] → [@ gbmzh_bb.dll@0x1142c] [@ gbmzh_bb.dll@0x11270] [@ gbmzh_bb.dll@0x11247] [@ gbmzh_bb.dll@0x11cd6] [@ gbmzh_bb.dll@0x1153e] [@ gbmzh_bb.dll@0x1d212] [@ gbmzh_bb.dll@0x1d101] [@ gbmzh_bb.dll@0x185a26] [@ gbmzh_bb.dll@0x185a31] [@ gbmzh_bb.dll@0x1…
Whiteboard: [explosive][startupcrash] → [startupcrash]
Version: unspecified → 19 Branch
Resolved per whiteboard
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
Whiteboard: [closeme 2016-04-11 WFM][startupcrash] → [startupcrash]
You need to log in before you can comment on or make changes to this bug.