Firefox 58.0.1 getting shutdown by MB for "Exploit ROP gadget attack"

[Cain]

My Firefox just updated and now MB keeps shutting it down, over and over.  I posted elsewhere but wanted to be certain you folks saw it is a problem, and I'm guessing others will have the same problem when their Firefox updates tonight and tomorrow. 

Here's my log info.  I can send the other more comprehensive logs you folks like (although they are not something I'd want to post in a public forum), but this may have been unnecessary because this is a known issue?

Thx!

-------------------

-Log Details-
Protection Event Date: 1/29/18
Protection Event Time: 9:34 PM
Log File: 26ac50dc-0566-11e8-bc65-704d7b285f80.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3817
License: Premium

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Mozilla Firefox (and add-ons)
Protection Layer: Protection Against OS Security Bypass
Protection Technique: Exploit ROP gadget attack blocked
File Name:
URL:

(end)

[Porthos]

1 hour ago, Cain said:

Here's my log info. 

 

[Cain]

Done, thanks. 

I saw in the other thread, you mentioned your posted settings above are "default", but does unchecking those boxes make me vulnerable in any way?? 

Edited January 30, 2018 by Cain

[Porthos]

3 hours ago, Cain said:

but does unchecking those boxes make me vulnerable in any way?? 

The developers have to choose a balance between protection and functionality.

Exploit protection is only one of  many layers of protection.

[AlexSmith]

@Cain I have Firefox 58.0.1 running just fine with the latest version of Malwarebytes with the default settings. If you have adjusted/modified the default anti-exploit settings for web browsers in Malwarebytes, then there is a chance an issue may occur.

On top of that, recent builds of Firefox have had issues and conflicts with other security software that provide exploit protection features. In fact, the release notes of 58.0.1 call out that it includes a specific fix to resolve some of the recent conflicts Firefox has introduced.

My guess is that these things combined are the root causes of your issue.

Edited January 30, 2018 by AlexSmith

[Cain]

Thanks Alex!  Not sure how my settings got changed, but since I put them back the way Porthos recommended, I'm fine.

Thanks guys!

[seaquest]

@Malwarebytes ,  disabling that feature may solve the issue but is it right to do so? It seems the issue is false positive. Is there a plan for solving this false positive while allowing RET ROP Gadget detection?

[Porthos]

1 hour ago, seaquest said:

disabling that feature may solve the issue but is it right to do so?

Yes it is because it is the current default settings that the rest of us are using. For some reason (which is being investigated) you did not get the change of settings in a update.

[Arthi]

Hi All,

The default settings that we provide as part of Anti-Exploit is after a careful deliberation by our security experts to provide optimum security while minimizing false positives. It is the recommended solution for users.

However, there are some settings that we offer which provide additional security but might not be compatible with a few 3rd party products. One such is RET ROP Gadget Detection. By default, we do not recommend turning it on. But by no means turning it off will reduce users' security. 

If you are using Firefox 58, Please use default recommended settings as in the below screenshot.

Thank you.