Closed Bug 806247 Opened 12 years ago Closed 1 month ago

crash in _wcsicmp with randomly named DLL (malware)

Categories: Toolkit :: Crash Reporting, defect
Version: 16 Branch
Platform: x86, Windows 7
Status: RESOLVED INCOMPLETE

Tracking Status
firefox36 --- affected
firefox37 --- affected
firefox38 --- affected
firefox39 --- affected

Reporter: scoobidiver
Assignee: Unassigned
Keywords: crash

It's the #83 top browser crasher in 16.0.2 and #64 in 17.0b3.

It's correlated to '8 random characters'_0.tmp DLLs.

Signature 	_wcsicmp
UUID	0f91802f-881f-4974-831f-9596f2121028
Date Processed	2012-10-28 17:14:59
Uptime	40
Last Crash	1.8 days before submission
Install Age	3.0 days since version was first installed.
Install Time	2012-10-25 17:23:56
Product	Firefox
Version	17.0
Build ID	20121023124120
Release Channel	beta
OS	Windows NT
OS Version	6.0.6002 Service Pack 2
Build Architecture	x86
Build Architecture Info	AuthenticAMD family 15 model 79 stepping 2
Crash Reason	EXCEPTION_ACCESS_VIOLATION_READ
Crash Address	0xa11006
App Notes 	
AdapterVendorID: 0x1002, AdapterDeviceID: 0x791e, AdapterSubsysID: 0e0c105b, AdapterDriverVersion: 8.501.0.0
D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- 
EMCheckCompatibility	True
Adapter Vendor ID	0x1002
Adapter Device ID	0x791e
Total Virtual Memory	2147352576
Available Virtual Memory	1796579328
System Memory Use Percentage	47
Available Page File	3125288960
Available Physical Memory	1058050048

Frame 	Module 	Signature 	Source
0 	msvcrt.dll 	_wcsicmp 	
1 	aa9e0940_0.tmp 	aa9e0940_0.tmp@0x4822 	
2 	aa9e0940_0.tmp 	aa9e0940_0.tmp@0x4ad9 	
3 	kernel32.dll 	CreateRemoteThread 	
4 	xul.dll 	mozilla::InjectCrashRunnable::Run 	toolkit/crashreporter/InjectCrashReporter.cpp:66
5 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:624
6 	xul.dll 	nsThread::ThreadFunc 	xpcom/threads/nsThread.cpp:257
7 	nspr4.dll 	_PR_NativeRunThread 	nsprpub/pr/src/threads/combined/pruthr.c:395
8 	nspr4.dll 	pr_root 	nsprpub/pr/src/md/windows/w95thred.c:90
9 	msvcr100.dll 	_callthreadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314
10 	msvcr100.dll 	_threadstartex 	f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292
11 	kernel32.dll 	BaseThreadInitThunk 	
12 	ntdll.dll 	__RtlUserThreadStart 	
13 	ntdll.dll 	_RtlUserThreadStart

More reports at:
https://crash-stats.mozilla.com/report/list?signature=_wcsicmp

Funny, this is crashing during the code injection portion of the Flash Breakpad code.
I strongly suspect 3rd-party interactions causing this (antivirus, feature programs, or malware). The randomly named "module" is a shared-memory mapping in the user's temp directory, so it's not certainly intentional obfuscation, it may just be a side effect.

The DLL correlation report indicates that 100% of users have wintrust.dll loaded... I wonder if that's related?

This crash showed up recently in smoke testing, with Windows 8.1 x86 (ATI Radeon 3000) and Firefox 37 Beta 5. Marking affected versions of Firefox in case this becomes a top crash.

Many comments in crash reports mention that this crash happens while uploading a large file as an email attachment.

See Also: → 1192060

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3

This doesn't seem to be happening anymore. There's a very low number of crashes remaining, but they seem unrelated and likely non-actionable.

Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → INCOMPLETE