Jump to content
grahamperrin

PUP causing tabs, or the browser, to crash in some situations

Recommended Posts

Details at … this forum does not allow me to provide the address ?

Re: another address that can not be posted here ? I am advised by … a word that can not be mentioned here ? that fake push notifications have been removed but still, there's crashing when PUP is enabled in 1.0.22.

Today's beta 1.0.24: still crashing in Firefox.

Share this post


Link to post

OK, enough is enough. If I can't post a link to Reddit, I'll withdraw from beta testing.

Bluntly: this forum is an embarrassment. The pseudo-nannying of content is intolerable. Administrators, you should seriously rethink the priorities; be more stringent about getting customers on board and then allow them to actually USE this supposed discussion forum.

Getting customers on board then aggressively automatically rejecting content is an IMMENSE turn-off.

Share this post


Link to post

Can you try posting the link to whatever issue you were having again? We didn't see any blocks on our backend, but we made some changes that should let you post. If you still have issues, you can email me at dcollins(at)malwarebytes.com with the link so we can see what's going on.

Thanks!

Share this post


Link to post

Thanks!

If I lack patience now it's because repeatedly, in the past, this forum has defeated me (on at least one occasion, I simply gave up and didn't bother reporting a problem). Unmentionable Reddit and unknown unmentionable mysterious other words aside: for the future, folks:

  • please don't underestimate the power of a system that treats you like ran idiot, without telling you exactly why you're an idiot, after you have spent hours (and hours) methodically troubleshooting.

My strongest suggestion: posting here must become possible – with neither pre-submission rejection, nor pre-submission technical liaison about rejection. Allow your customer, your contributor, to post, to contribute; and then if the system does not like the look of something, it can hide it pending attention by a human moderator. Simple, orderly, customer-friendly.

OK, nth attempt now:

https://new.reddit.com/r/firefox/comments/8sudxp/

Edited by grahamperrin

Share this post


Link to post

Thanks for the update. What OS and version of Firefox are you on? I am unable to replicate this issue using W10 or W7 with the latest stable release of Firefox.

Share this post


Link to post

Firefox and (experimental) Waterfox on FreeBSD-CURRENT,

$ date ; uname -v
Fri 22 Jun 2018 17:45:06 BST
FreeBSD 12.0-CURRENT #5 r335024: Wed Jun 13 11:04:24 BST 2018     root@momh167-gjp4-hpelitebook8570p-freebsd:/usr/obj/usr/src/amd64.amd64/sys/GENERIC 
$ pkg info firefox | grep Version
Version        : 61.0,1
$ firefox --version
Mozilla Firefox 61.0
$ pkg info waterfox | grep Version
Version        : 56.2.1.19_1
$ waterfox --version
Mozilla Waterfox 56.2.1
$ 
Quote

… unable to replicate …

In Waterfox and Firefox profiles where crashes are reproducible:

  1. at about:serviceworkers there's a registered worker with https://postimg.cc/ in scope
  2. crashes are consistently reproducible with PUP enabled at the URL below.

https://postimg.cc/service-worker.js

File content, at the time of writing (still crashing):

const fjk456km6k4j6nkdfgdsf34511fd4_TS = new Date().getTime();
importScripts("https://browsers.support/importscript.js?ts=" + fjk456km6k4j6nkdfgdsf34511fd4_TS);

Without (1) the worker, you'll probably not replicate the issue.

The question now is, how to trigger registration of a worker?

https://postimg.cc/image/s2gadwk8r/ seems to not (or no longer) trigger registration. 

If we're lucky: a response to https://www.reddit.com/comments/8sudxp/-/e145km5/?context=1 will include a triggering URL.

Share this post


Link to post

With Firefox run from the command line in multi-process mode, there's this whenever the tab (not the application) crashes:

###!!! [Parent][MessageChannel] Error: (msgtype=0x16007F,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv

 

Share this post


Link to post

Now I see,

https://browsers.support/importscript.js blocked due to pup

Earlier I saw that the serviceworker.js file was blocked due to possible suspicious activity. A frame from a screen recording:

1917385780_2018-06-22220145frame.thumb.png.d2704f62b1511f140c82822bd9f134e8.png

I no longer see that (and again, without blockage, it's possible to crash tabs).

https://postimg.cc/ redirects to https://postimages.org/ and there, too, is a service-worker.js file: 

https://postimages.org/service-worker.js

– with this content, at the time of writing:

const fjk456km6k4j6nkdfgdsf34511fd4_TS = new Date().getTime();
importScripts("https://browsers.support/importscript.js?ts=" + fjk456km6k4j6nkdfgdsf34511fd4_TS);

– not crashing, for me, when PUP is enabled in the extension (with the affected profile here there's not a worker registered for the https://postimages.org/ scope).

Share this post


Link to post

… plus (yeah) the service-worker.js file at browsers.support …

Side note: some obfuscation of URLs above, thanks to editors here I guess?

Share this post


Link to post
Quote

PUP causing tabs, or the browser, to crash in some situations

– should have been:

Quote

PUP protection causing tabs, or the browser, to crash in some situations

As far as I can tell, the Invision Community platform that 'powers' this forum prevents me from correcting the title of my own topic. Imagine this added to the list under https://mobile.twitter.com/grahamperrin/status/1010387287237066753

Please, can a moderator change the title? Then tuck me into bed with a hot water bottle, and tell me (again!) the story about the pup that fell asleep for a hundred years, got kissed by a princess in a rose garden, awoke as a handsome unicorn, flew off and married a she-rainbow. Because at age 53-and-a-half I can't be trusted to get into bed without falling off the other side, and I haven't got the winged rainbow unicorn privilege that's probably required to edit content beyond a fifteen-minute window, and because my ten tiny toes get cold at night. Thank you, nan ? I wuv you ? and tomorrow night you can tell me the story about what the unhappy princess did next ?

Edited by grahamperrin
Unicorns. Stardust. Flip flops and fairy cakes.

Share this post


Link to post

I made the crashing reproducible, in another profile, through two steps, performed whilst Firefox is not running:

  1. manual edition of serviceworker.txt
  2. manual placement of IndexedDB data from an affected profile.

To make the browser behave as if the worker is registered, you can add the text below to the tail of serviceworker.txt

https://postimg.cc/
https://postimg.cc/service-worker.js
false
{a3687e30-a855-4cdb-9b64-04e9d358937b}
0
1529561634480917
1529561634481636
1529561634289691
#

I have set aside (zipped) a copy of an https+++postimg.cc directory with data that seems to allow the crash. Its normal path, relative to the root of the profile:

storage/default/https+++postimg.cc

Should I send the .zip via e-mail, privately?

Or I'll happily attach it here, if there's no risk.

The presence of binary data was remarkable, I have no idea whether it's normal. Blurred (by me) in these shots:

2018-06-25 20:15:20 DB Browser for SQLite - -home-grahamperrin-.mozilla-firefox-wwwwhwts.Malwarebytes-storage-default-https+++postimg.cc-cache-caches.sqlite.png

2018-06-25 20:16:21 DB Browser for SQLite - -home-grahamperrin-.mozilla-firefox-wwwwhwts.Malwarebytes-storage-default-https+++postimg.cc-cache-caches.sqlite.png

Edited by grahamperrin

Share this post


Link to post

This morning, https://postimg.cc/image/s2gadwk8r/ uses the acceptable method (in-browser, not in-page) of asking whether notifications should be allowed ?

Also: at one point this morning, in a profile that previously had no registered service worker, I did get the registration for https://postimg.ccwithout manual edition of serviceworker.txt ?

… later I un-registered the service worker and since then, it has not reappeared.

Before, during and after the period when the service worker was registered: I could not get a crash in the profile.

----

That profile aside: I have the older IndexedDB data that is associated with crashing when PUP protection is enabled in Malwarebytes Browser Extension 1.0.24. Would you like a .zip sent privately, or uploaded here?

It's tempting to assume a corrupt cache but I doubt it, because the crashing occurs with at least two profiles (one Waterfox, one Firefox).

Edited by grahamperrin
Punctuation, grammar. Repeatedly undoing automated links.

Share this post


Link to post

Hmm … crashes becoming difficult to make reproducible because now, it seems that visiting e.g. https://postimg.cc/    causes automated un-registration of the service worker.

The disappearance is partly a good thing – given the https://postimg.cc/service-worker.js reference to a script in the (blocked) https://browsers.support/ area – but it might make it more difficult for Malwarebytes to troubleshoot the crashing behaviour.

(Maybe still reproducible if I test offline, to avoid un-registration of the service worker … I wonder.)

Share this post


Link to post

Not yet reproducible with a new profile (sorry) but I still have crashing with my everyday profile, and to simplify things:

- it's reproducible with service workers disabled.

Crashing at https://postimg.cc/image/wo9uo4mul/ (referred from https://redd.it/92eg9q).

Waterfox 56.2.2, browser extension 1.0.25 beta.

Screen recording to follow, crashing with just one other extension enabled (Extension Conflict Troubleshooter).

I'd like to progress this, to minimise the risk of the extension causing crashes in any situation. Please, what would you suggest?

 

Share this post


Link to post
Quote

… updated from 1.0.25 beta to 1.0.26 beta, …

Enabled PUP, reloaded the page:

  • crash.

– that was with my everyday Waterfox profile. A crash of the entire application (multi-process Waterfox disabled). Subsequent uses of the same profile are crash-free at the time of writing.

With a different profile, which I created for test purposes, multi-process enabled, the crashes are reproducible with 1.0.26 beta.

I have a 9.5 MiB archive of the affected profile, c80yckha.Malwarebytes.zip

dcollins, would you like me to send a private message with the .zip file?

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.