Closed Bug 831285 Opened 13 years ago Closed 12 years ago

DLL block request: beid35cardlayer.dll 3.5.6.6968 and below

Categories

(Toolkit :: Blocklist Policy Requests, defect)

Product:
Toolkit
Component:
Blocklist Policy Requests
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tdowner, Assigned: benjamin)

References

Details

(Whiteboard: [dll])

Attachments

(1 file)

bug831285-beidcard-block
1.05 KB, patch
johnath
: review+
Details | Diff | Splinter Review
This is apparently malware and is causing Firefox 18 to crash on startup. It isn't a top crasher, and seems rather small, so it isn't a priority for 18.0.1, but perhaps 19. https://crash-stats.mozilla.com/report/index/b9ae4a95-be09-4e01-99e0-ff54c2130116
Blocks: 831286
OS: Windows 7 → Windows XP
beid35cardlayer.dll is a legitimate DLL belonging to Belgian Government digital ID software.
Alright, well if it truly is legit (I've seen a few reports of it being malicious) then we should try to contact them and get them to release a new version
Here is their website: http://eid.belgium.be/en/
Summary: Block list beid35cardlayer.dll malware → Investigate Blocklisting beid35cardlayer.dll
Recent versions seem unaffected so let's blocklist old ones. See bug 831286 DLL name: beid35cardlayer.dll DLL versions to block: 3.5.6.6968 and below Applications, versions, and platforms affected: Firefox 18 and above, Windows Homepage and other references and contact info: http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/ Reasons: startup crashes (see bug 831286)
Severity: major → normal
Component: General → Blocklisting
Product: Core → addons.mozilla.org
Summary: Investigate Blocklisting beid35cardlayer.dll → DLL block request: beid35cardlayer.dll 3.5.6.6968 and below
Whiteboard: [dll]
Version: 18 Branch → unspecified
Jorge, the patch is easy to write; can you verify that comment 4 is the action we want to take? Do you want to contact them first?
Flags: needinfo?(jorge)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #5) > Jorge, the patch is easy to write; can you verify that comment 4 is the > action we want to take? Do you want to contact them first? Comment #4 seems reasonable to me. However, let's give the developers some time to respond. I just sent them a message. If they don't reply within a week, I think we can proceed with the block.
Flags: needinfo?(jorge)
ok. Assign this bug to me when you're ready.
Assignee: nobody → jorge
There has been no reply from them. I think we should move ahead with the block.
Assignee: jorge → benjamin
Hello, Sorry for not replying earlier, just got your message from our support team. If I read the error report correct, 34 crashes were reported caused by version 3.5.6. And 27 crashes caused by version 3.5.3. I'm not sure about the timespan in which they were reported however. Our software is used for electronic authentication and signing services with the belgian eid card (which each adult Belgian person own). One of the main usages is the anual tax reporting, where we have about 3.4 million tax reports created anualy. The vast majority of our users are Windows users, and I fear a lot of them will be impacted by a block of beid35cardlayer.dll (even if only version 3.5.6 and before). So we would like to ask you not to block the beid35cardlayer.dll. If not-blocking is not an option, would the block message advice the user to update their eid middleware? Wkr, Frederik
(In reply to frederik from comment #9) > If I read the error report correct, 34 crashes were reported caused by version 3.5.6. > And 27 crashes caused by version 3.5.3. It was the number of crashes per day on January 26! Now, there are currently 60 crashes over the last week, all at startup. See https://crash-stats.mozilla.com/query/query?product=Firefox&query_search=signature&query_type=contains&query=beid35cardlayer.dll&do_query=1 It's now a lower volume, six weeks after the release of Firefox 18, probably because EID users have switched to another browser. > So we would like to ask you not to block the beid35cardlayer.dll. Not blocking loading old versions of beid35cardlayer.dll in Firefox means that Firefox 18 and above will crash at startup and users won't be able to surf or report their tax. The workaround is either to use another browser or an old unsafe version of Firefox (before version 18). We think that blocking loading old versions of beid35cardlayer.dll in version 20 and above (too late for version 18 and 19) would solve crashes at startup. Are you able to reproduce startup crashes with EID 3.5.6 for instance? Do you have an automatic update feature?
Flags: needinfo?(frederik.vernelen)
(In reply to Scoobidiver from comment #10) > Now, there are currently 60 crashes over the last week I meant 108 crashes.
I tried to reproduce the issue with eIDMW 3.5.6.6968 and firefox 19 on a Windows XP, but could not cause a crash. (could log on to taxonweb). (this version can be found at http://code.google.com/p/eid-mw/downloads/detail?name=eID-QuickInstaller-build-6968-signed.exe&can=1&q=6968, without an eID, you will not be able to finish the tests in the end, but the installation will already be done by then ) If you would block older versions of the beid35cardlayer.dll, would that be silently, or would it be possible to instruct the user to update their eID Middleware? We do not have have an automatic update feature
Flags: needinfo?(frederik.vernelen)
(In reply to frederik from comment #12) > If you would block older versions of the beid35cardlayer.dll, would that be > silently, or would it be possible to instruct the user to update their eID > Middleware? It will be silent. Blocked extensions and plugins can be seen in the Add-on manager, but not blocked DLLs. We don't even have a wiki page to list blocked DLLs as we have for blocked graphics features. Can you instead warn users of old EID versions by your own or via the Belgian tax website?
I'm afraid this issue might still be present in our latest release. When searching through your crash reports, I found that "beid_ff_pkcs11.dll" is also causing issues. We're looking into this, but have not been able to reproduce it yet
Could this issue be related to Bug 829897? This one causes Firefox to hang when exitting, thus preventing Firefox to be started again. (or could it be that when the user kills firefox through the task manager, that a crash report is generated?)
This bug is about blocklisting and bug 831286 is about crashes, so let's continue this discussion there.
Agreed. So can it be that the reported crash on startup is in fact an older Firefox instance still hanging? As we have not had any report of firefox crashing with our eid, but recently we had some reports about firefox failing to close when the eIDMW was installed. If this is the case, firefox is stil useable with the eIDMW (highly annoying ofcourse, that one need to kill it through taskmanager). While silently blocking the beid35cardlayer.dll would just leave the user in the dark as to why he cannot authenticate with eID in Firefox. We'll try to get the fix officially released asap
Frederik, has there been any progress here?
Flags: needinfo?(frederik.vernelen)
We released the 4.0.5 version our software for windows (with the fix for the hanging issue)
Flags: needinfo?(frederik.vernelen)
Bug 918399 means this is more important than just the relatively low crash volume.
Attachment #807813 - Flags: review?(johnath)
Comment on attachment 807813 [details] [diff] [review] bug831285-beidcard-block Review of attachment 807813 [details] [diff] [review]: ----------------------------------------------------------------- Haven't tested the block, but it looks syntactically correct, and I agree that the time for blocking is (well!) upon us.
Attachment #807813 - Flags: review?(johnath) → review+
Product: addons.mozilla.org → Toolkit
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: