Locating malicious code source in the browser

[forus]

MBAE notifies that it has blocked an exploit in Mozilla Firefox 44.0a2 (and add-ons) and
then shuts the browser down."MBAE has blocked an Exploit code executing from Heap memory in
Firefox or add-ons"  Is it in the browser or one of the add-ons,etc.
If MBAE can block this code there must be a way it could tell me where in firefox the code
is located so that it can be eliminated. Otherwise the browser is unusable since MBAE just
shuts it down.

[hake]

I want the browser or application process to be halted instantly by MBAE on detection of an exploit.  Time is of the essence in ensuring that an exploit is stopped and the sledgehammer method to crack the exploit nut is the way I would wish MBAE to work.

[forus]

I agree that the exploit must be stopped, which is what MBAE does by closing the application. My question was if MBAE could assist in locating and eliminating the source of the code that it detects in firefox so that it can be removed. What is the best way to find it?

 

" If MBAE can block this code there must be a way it could tell me where in firefox the code
is located so that it can be eliminated."

[hake]

Sounds like a scenario for MBAE to become a debugger.

[pbust]

Welcome to the forum @forus. Can you please attach here you MBAE logs? With the logs we'll be able to tell what happened. Alternatively you can PM them to me directly.

[forus]

pbust: Thank you for your constructive response.

 

Forus readme states:

"ZIP the entire contents (all files, not just .LOG) of the MBAE  user directory and attach them to your post."

 

The compressed directory is still too large and will not attach. Should I split the directory into two .ZIPs or

break out specific log files to send?.

[pbust]

Hi forus. If you have a Quarantine subfolder you can exclude that from the ZIP. It should be OK after that.