mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-23 04:41:11 +00:00
523986cd8b
With bug 1832467 we have updated our Windows SDK version to 10.0.19041. As a result, we now have a .retplne section in xul.dll, starting with Firefox 115. This is a section with PAGE_NOACCESS protection, so accessing it crashes the process. Some injected DLLs read the whole memory space dedicated to the xul.dll image to search for patterns in it. When they hit the .retplne section, we will crash. This happened for a legit product in bug 1837242, but also for a malicious DLL in bug 1841751. This is a startup crash. This changeset blocks the variants of this malicious DLL we know, to eliminate the associated startup crash spike. Because the DLL does not use a fixed name, we block by matching on the combination of version number + timestamp + image size, based on the values found in crash reports. We additionally check for a checksum of 0 and the absence of debug information, both of which are uncommon for legit production-ready DLLs; this thus helps further reduce the chances of collision. Differential Revision: https://phabricator.services.mozilla.com/D183096 |
||
---|---|---|
.. | ||
android | ||
baseprofiler | ||
build | ||
interposers | ||
linker | ||
misc | ||
static | ||
tests | ||
moz.build |