Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 715748 - DLL block request: gemgecko10.dll
: DLL block request: gemgecko10.dll
Product: Toolkit
Classification: Components
Component: Blocklisting (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Luke Wagner [:luke]
: Jorge Villalobos [:jorgev]
Depends on:
Blocks: 715757
  Show dependency treegraph
Reported: 2012-01-05 17:28 PST by Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary)
Modified: 2016-03-07 15:30 PST (History)
18 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

Patch (836 bytes, patch)
2012-01-05 17:37 PST, Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary)
vladimir: review+
akeybl: approval‑mozilla‑beta-
Details | Diff | Splinter Review

Description Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-01-05 17:28:52 PST
DLL name: gemgecko10.dll
DLL versions to block:
Applications, versions, and platforms affected: Firefox on Windows

Homepage and other references and contact info: gemgecko10.dll appears to be part of an addon or rebranding package made by 'Gemius'.

BExternal.dll appears to be manipulating our preferences off the main thread, causing crashes.

See crash reports like
Comment 1 Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-01-05 17:37:47 PST
Created attachment 586292 [details] [diff] [review]
Comment 3 Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-01-05 17:41:57 PST
Yeah I don't think this is malice.  We should contact them and get them to fix their code if possible.
Comment 4 christian 2012-01-05 18:00:22 PST
It's strange that it is so high we have a lot of polish beta users? It sounds like there is < 50,000 total users in the "survey group", and not all of them have the add-on installed.

I would also expect the correlation reports to shout from the rooftops about the add-on as well.
Comment 5 Marek Stępień [:marcoos, inactive] 2012-01-06 14:26:39 PST
Christian's findings from comment 2 are mostly correct. 

Gemius is a web stats company and PBI (Polskie Badania Internetu) is a consortium of the top sites in Poland (Onet, WP, Gazeta, Interia and Rzeczpospolita) made for gathering web page and apps stats. The Megapanel survey (operated by Gemius on behalf of PBI) is regarded as the best representation of how the web in Poland works, whose sites and services are the most popular. Advertising budgets of every web campaign are based on Megapanel findings. 

Gemius JS files are basically on every important site in Poland. The netPanel app is used to monitor sites that don't include their scripts. The findings from the JS scripts are combined with the extrapolated findings from the app, and published monthly, e.g. here:

The netPanel app is offered to some users through those JS scripts. It's not available for a direct download, since they only offer it through a pop-up window to users that fit their statistical model.

Description in Polish:

50k users is a lot, but taking into account that basically any web page in Poland can offer you their monitoring app, it's not that unbelievable.
Comment 6 Zibi Braniecki [:gandalf][:zibi] 2012-01-07 13:16:36 PST
Our metrics team have some contact info to those ppl. CC'ing Daniel.
Comment 7 Alex Keybl [:akeybl] 2012-01-09 13:07:27 PST
As with bug 715744, before we track for a release we should also make sure to understand

* the total add-on population
* crashes highly correlated with this DLL
Comment 8 Alex Keybl [:akeybl] 2012-01-17 12:41:59 PST
[Triage Comment]
I think we're too close to the end of the cycle to prepare and execute on a DLL blocklist addition for FF10. We would, however, consider uplifting the entry once ready for FF11.
Comment 9 Marek Stępień [:marcoos, inactive] 2012-01-17 15:10:08 PST
Was Gemius contacted about this issue?
Comment 10 Luke Wagner [:luke] 2012-01-17 17:35:39 PST
Alex: similar to bug 715744, this dll is partially causing a topcrash (bug 715757 comment 4).
Comment 11 Scoobidiver (away) 2012-01-18 00:21:59 PST
The crash in CrashInJS caused by gemgecko10.dll (58%) is #8 top crasher in 10.0b4.
Comment 12 Luke Wagner [:luke] 2012-01-18 09:44:28 PST
Bug 715757 comment 7 says that blocking this and BExternal.dll remove 99% of the #8 topcrash.
Comment 13 Marek Stępień [:marcoos, inactive] 2012-01-19 13:32:15 PST
Zbigniew, Daniel:
So I guess nobody contacted Gemius about this bug? If nobody did, I will.
Comment 14 Alex Keybl [:akeybl] 2012-01-20 13:37:16 PST
Given the topcrash status of bug 715757, we can still consider blocklisting gemgecko10.dll for FF10. The steps to do this would need to be

1) (DONE) Create a blocklist patch
2) Create a try build, get the patch r+'d
3) QA to test Gemius's software to make sure that the blocklist is successful and there are no functional regressions
4) Land on beta with QA's signoff

and all of this would need to happen before beta 6 goes to build on Monday evening PT. I'm sending this over to Kyle to see if he can take care of #2 today.

We'd consider blocklisting between beta 6 and our RC if 715757 was a startup crasher, but that doesn't appear to be the case.
Comment 15 Alex Keybl [:akeybl] 2012-01-20 13:39:04 PST
Of course #3 is still gated on finding an XPI or Marek's outreach producing an XPI - so this is even less likely to make the cut.
Comment 16 Alex Keybl [:akeybl] 2012-01-20 13:42:07 PST
Sending over to Luke since Kyle's out for the day.
Comment 17 Luke Wagner [:luke] 2012-01-20 14:10:56 PST
Comment 18 Vladimir Vukicevic [:vlad] [:vladv] 2012-01-20 14:31:12 PST
Comment on attachment 586292 [details] [diff] [review]

Patch itself looks fine, I thought that dll blocklist entries like this just needed r+ from someone on addons/product teams and not "code review"?
Comment 19 Marek Stępień [:marcoos, inactive] 2012-01-21 09:59:29 PST
Sent an email to with a short description of the situation and a link to this bug.
Comment 20 :Ehsan Akhgari (Away Oct 25 - Nov 9) 2012-01-21 10:22:39 PST
(In reply to Vladimir Vukicevic (:vlad) from comment #18)
> Comment on attachment 586292 [details] [diff] [review]
> Patch
> Patch itself looks fine, I thought that dll blocklist entries like this just
> needed r+ from someone on addons/product teams and not "code review"?

It also requires code review to catch things like bug 715744 comment 11, for example.
Comment 21 Luke Wagner [:luke] 2012-01-21 17:58:08 PST
Comment on attachment 586292 [details] [diff] [review]

I do not know how to make 3 or 4 happen so I'll request approval for beta.

[Approval Request Comment]
User impact if declined: Top-crash
Testing completed (on m-c, etc.): comment 17
Risk to taking this patch (and alternatives if risky): low: it is a DLL blocklist
Comment 22 Alex Keybl [:akeybl] 2012-01-22 17:52:07 PST
(In reply to Marek Stępień [:marcoos] from comment #19)
> Sent an email to with a short description of the situation
> and a link to this bug.

Thanks Marek. It would be very helpful to have access to the Gemius software in order to test the try build from comment#17 (thanks Luke).

We'll test the blocklist entry with Gemius's software before approving for Beta 10.
Comment 23 Alex Keybl [:akeybl] 2012-01-23 16:05:08 PST
We weren't in a position to take this blocklist entry for beta 6. We should consider doing this instead for FF11.
Comment 24 Zibi Braniecki [:gandalf][:zibi] 2012-01-24 10:22:32 PST
I contacted a person from Gemius (Marcin Mazurkiewicz) who is sending us weekly stats reports.
Comment 25 Zibi Braniecki [:gandalf][:zibi] 2012-01-25 02:52:36 PST
I got a response from Marcin. He said that he got in touch with the team working on the code and he asked us to give them a day or two to analyze the data before we commit this patch.

Is there someone from our team I should suggest as a point of contact for Gemius ppl working on this in case they have questions or should I suggest them to use this bug for any upcoming communication?
Comment 26 Marek Stępień [:marcoos, inactive] 2012-01-26 09:56:53 PST
Got a reply from Gemius. Translation of the important parts:

"We decided to temporarily update the addon to a version that does not contain gemgecko10.dll and marked it as incompatible with Fx 10 (gemgecko10.dll is only used when the addon is installed in Fx10)".

"We will withdraw from releasing versions of the addon containing gemgecko10.dll until the problem is fixed and the addon made available to [the Polish Mozilla l10n team - marcoos] for verification."

I will ask them to make it available to some of the people from this bug, not neccessarily the L10n team. :)
Comment 27 Marek Stępień [:marcoos, inactive] 2012-01-26 10:05:16 PST
Replied to them and asked them to make the add-on available for testing. If they don't feel like releasing it publically, I've asked them to e-mail it to Alex.
Comment 28 Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-01-26 10:06:57 PST
Given that I don't think the blocklist is necessary.

Please reopen if you disagree.
Comment 29 Zibi Braniecki [:gandalf][:zibi] 2012-01-27 17:37:33 PST
Awesome! Thanks Marek for driving this. It would be awesome if they could share their findings on why gemgecko regressed in Fx 10, but overall, glad to see their approach :)
Comment 30 Kyle Huey [:khuey] (Exited; not receiving bugmail, email if necessary) 2012-01-27 22:02:53 PST
It regressed because we added an assert that says "hey that thing you've been doing for years, that's a bad thing to do".
Comment 31 Luke Wagner [:luke] 2012-01-28 12:32:22 PST
To be clear: "hey that *bad* thing you've been doing for years, ..."
Comment 32 Romuald Juchnowicz-Bierbasz 2012-01-31 03:16:57 PST
Hello guys,

I'm an employee of Gemius company and developer of NetPanel project, where we use XPCOM component (gemgeckoX.dll) to communicate with Firefox browser.
First of all, thanks for the report. gemgeckoX.dll is an old pice of code, created years ago for gecko 1.8 based FF. Recently it was made compatible with browsers based on gecko 2.0 (and higher) - we wrapped it in .xpi package and applied changes from article. From then, we updated the .xpi package every FF release recompling the component (so 10 in gemgecko10.dll file name means that it was compiled with gecko sdk 10).
We never got any crushes during tests, nor bug reports from users. I have dug the component's source code - the crash is probably caused by calling nsIPrefBranch off the component's main thread (as described in bug 715757). We will fix it in next update :) BTW: is there any doc about XPCOM thread safety? 
Marek Stępień asked for the extension for tests. Is the request is still valid?
Comment 33 Alex Keybl [:akeybl] 2012-02-13 13:03:13 PST
We've now heard from a couple of employees at Gemius that their latest version will be rolled out soon. Removing the tracking flags for specific releases.

Note You need to log in before you can comment on or make changes to this bug.