https://www.ghacks.net/2022/10/08/mozilla-rushes-to-address-an-avast-bug-that-causes-crashes-in-firefox/

Thousands of Firefox users reported crashes of the Firefox web browser
to Mozilla, the maker of the browser. The, often angry user comments,
all reported that Firefox had crashed out of a sudden on Windows
machines.

firefox 105.0.3 avast crashes

Mozilla started its investigation and discovered, rather quickly, that
Avast software was the culprit. Avast, maker of security products, is a
popular choice when it comes to third-party antivirus protections on
Windows.

It became clear quickly that the issue affected all versions of
Microsoft's Windows operating system on which certain versions of the
Avast Antivirus software were installed on. The issue in Avast software
was critical, as it was the causing the top 5 desktop browser crashes on
Windows on release, and the top 20 desktop browser crashes on release.
ADVERTISEMENT

Antivirus applications are notorious for interfering with legitimate
applications on Windows machines. In this particular case, it appears
that Avast versions 18.0.1473.0 and older are causing the crashes of the
Firefox web browser.

Mozilla decided to block Avast's DLL files using Firefox's DLL blocklist
file to stop the crashes from happening. An update to Firefox 105.0.3 is
available already, which includes the new entry to the blocklist.

The new version of Firefox Stable addresses just the one issue.
According to it, the crashes may also be caused by AVG Antivirus
software. Avast acquired AVG in 2016 and has since then brought
antivirus products closer together.

Mitigated frequent crashes for Windows users with Avast or AVG Antivirus
software installed ADVERTISEMENT

Firefox users who run Avast or AVG software may want to update the
Firefox web browser to the latest stable release right away. They may
also want to check for Avast or AVG updates as well to make sure the
latest versions of the security applications are run on the system.

Mozilla employee Gabriele Svelto has another suggestion: uninstall Avast
or AVG products.

Firefox users may select Menu > Help > About Firefox to update. If the
browser does not open, they may download Firefox from the Mozilla
website instead to install the update. ADVERTISEMENT

Closing Words

Bugs or false positives are common, and they may lead to crashes of
third-party applications and other issues. Often, users of these
programs blame the innocent third-party application and not the real
culprit, the antivirus solution, when crashes or other issues occur.

Issues like these may see numerous users migrate to another browser,
with a good chance that they are lost for the foreseeable future.

Mozilla reacted very quickly to the issue, which is commendable.

Now You: when was the last time you experienced crashes in programs that
you use?

On 10/12/2022 3:09 PM, Anonymous wrote:
> https://www.ghacks.net/2022/10/08/mozilla-rushes-to-address-an-avast-bug-that-causes-crashes-in-firefox/
>
> Thousands of Firefox users reported crashes of the Firefox web browser
> to Mozilla, the maker of the browser. The, often angry user comments,
> all reported that Firefox had crashed out of a sudden on Windows
> machines.
>
> firefox 105.0.3 avast crashes
>
> Mozilla started its investigation and discovered, rather quickly, that
> Avast software was the culprit. Avast, maker of security products, is a
> popular choice when it comes to third-party antivirus protections on
> Windows.

The problem is a bit more nuanced than that.

https://www.mozilla.org/en-US/firefox/105.0.3/releasenotes/

https://bugzilla.mozilla.org/show_bug.cgi?id=1794064

Mozilla has its own internal AV behavior (that did not exist in Firefox 2,
and is a newer addition to the feature set). In this particular
case, it watches for injection attacks. And it can do this,
since the browser uses 5-8 separate processes, with different
processes for Content ones. The parent process, launching the
others, can check them. And then, notice the Avast injection
on the stack.

0 firefox.exe!mozilla::freestanding::patched_LdrLoadDll(wchar_t*,
unsigned long*, _UNICODE_STRING*, void**)+0x18e
1 aswhook+0x25c6 <===
5 KERNELBASE.dll!LoadLibraryExW+0xc6 <=== mechanism
6 firefox.exe!mozilla::GetBootstrap(char const*, mozilla::LibLoadingStrategy)+0x200
7 firefox.exe!InitXPCOMGlue(mozilla::LibLoadingStrategy)+0x8f
8 firefox.exe!wmain(int, wchar_t**)+0x687
9 firefox.exe!__scrt_common_main_seh()+0xfa
10 wkernel32!BaseThreadInitThunk+0x24
11 wntdll!_RtlUserThreadStart+0x2f
12 wntdll!_RtlUserThreadStart+0x1b

9) Do we know how the module is loaded?

Yes, it's being loaded via LoadLibraryExW()
and can be blocked by our machinery.
^^^^^^^^^
Uh oh!

If every company does this, guess what kind of
fireworks show would result.

So yeah, wanna be a cowboy ? Need a room full of machines
for regression testing.

Paul

On Wed, 12 Oct 2022 17:26:12 -0400, Paul wrote:
>
> The problem is a bit more nuanced than that.
>
> https://www.mozilla.org/en-US/firefox/105.0.3/releasenotes/
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1794064
>
> Mozilla has its own internal AV behavior (that did not exist in Firefox 2,
> and is a newer addition to the feature set). In this particular
> case, it watches for injection attacks. And it can do this,
> since the browser uses 5-8 separate processes, with different
> processes for Content ones. The parent process, launching the
> others, can check them. And then, notice the Avast injection
> on the stack.
>
[snip]
>
> If every company does this, guess what kind of
> fireworks show would result.
>
> So yeah, wanna be a cowboy ? Need a room full of machines
> for regression testing.
>
> Paul

Are you suggesting that, softwares other than AV, must not protect
themselves?

On 10/12/2022 11:02 PM, JJ wrote:
> On Wed, 12 Oct 2022 17:26:12 -0400, Paul wrote:
>>
>> The problem is a bit more nuanced than that.
>>
>> https://www.mozilla.org/en-US/firefox/105.0.3/releasenotes/
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1794064
>>
>> Mozilla has its own internal AV behavior (that did not exist in Firefox 2,
>> and is a newer addition to the feature set). In this particular
>> case, it watches for injection attacks. And it can do this,
>> since the browser uses 5-8 separate processes, with different
>> processes for Content ones. The parent process, launching the
>> others, can check them. And then, notice the Avast injection
>> on the stack.
>>
> [snip]
>>
>> If every company does this, guess what kind of
>> fireworks show would result.
>>
>> So yeah, wanna be a cowboy ? Need a room full of machines
>> for regression testing.
>>
>> Paul
>
> Are you suggesting that, softwares other than AV, must not protect
> themselves?

The matrix of interactions is not manageable from
an organizational perspective. Nobody would know what
they're doing or what they're blowing up, if everyone
went around doing that.

Centralizing the function and allowing just one AV
on your machine, is a start.

There are all sorts of things you can do with computers,
that you shouldn't do with computers. There are good
ways and bad ways to do stuff. Like running WinXP
on top of FAT32. Can you do it ? Yes. Should you do it ?
No, and the reason is, you wouldn't have a clue when it
got infected. It would be that weak, for a person who
insists on "clicking everything in sight".

So this is, in effect, like running two AVs. We don't recommend
to people, that they run two real-time AVs at the same time,
because one product may shoot the other product in the foot
if it is not recognized. Most of the time, when you run two
AVs, you "get away with it", but again, this is not a
clever way to run a computer. Can you do it ? Sure.
Do I want to help you when it blows cookies all over the screen ?
No.

What Mozilla is doing, is using their instrumentation (the
telemetry and crash reports), to do post-analysis of problems
they've created. That turns the user base into the regression
test machines, that they should have had in-house.

Paul

"Paul" <nospam@needed.invalid> wrote

| Like running WinXP
| on top of FAT32. Can you do it ? Yes. Should you do it ?
| No...

Harrumph.

But of course I do run 3 AV programs, plus Malwarebytes,
before I go online to do my banking and to register my
credit card number in merchant databases. If any software
tries to start, believe me, it'll be massacred. :)

In article <ti8um7$1ppvb$1@dont-email.me>
"Mayayana" <mayayana@invalid.nospam> wrote:
>
> "Paul" <nospam@needed.invalid> wrote
>
> | Like running WinXP
> | on top of FAT32. Can you do it ? Yes. Should you do it ?
> | No...
>
> Harrumph.
>
> But of course I do run 3 AV programs, plus Malwarebytes,
> before I go online to do my banking and to register my
> credit card number in merchant databases. If any software
> tries to start, believe me, it'll be massacred. :)

You people are totally obsessed with this security nonsense.

I gave up years ago on those nonsense AV programs with their intrusive
crap and total failures.

I've been using a sandbox type program - and only that along with Win
7's own firewall, and I haven't had an infection in all that time

When I quit Windows, everything that came down the pike disappearss.
It's gone.

Malwarebytes was always a clunky, dead joke.

As for most of those other AV programs, they give you more intrusive,
misleading junk notices than much else. Those greedy AV/Security
programs who all want a new payment each year - YOU DON'T NEED 'EM!

Lastly, use a bank who notifies you every time your credit card is used.
That nips the theft right in the bud.

You people have no other life except for this "SECURITY-SECURITY-
SECURITY nonsense.

"Mayayana" <mayayana@invalid.nospam> wrote in news:ti8um7$1ppvb$1@dont-
email.me:

> "Paul" <nospam@needed.invalid> wrote
>
>| Like running WinXP
>| on top of FAT32. Can you do it ? Yes. Should you do it ?
>| No...
>
> Harrumph.
>
> But of course I do run 3 AV programs, plus Malwarebytes,
> before I go online to do my banking and to register my
> credit card number in merchant databases. If any software
> tries to start, believe me, it'll be massacred. :)

Wouldn't it be easier just to have a separate PC for stuff like that, rather than jump
though hoops each time? You could have the spare PC on the network, w/o print and
file-sharing turned on, and on a/on it's own VLAN to further isolate it from L2 traffic, and
behind a NAT router. You turn it on, do what you need to do, then turn it off. There
seems to be far less risk doing that, than using a PC you also use for other things.

A Linux-based PC would be ideal for this. You're not wasting money for a barely-used
Windows license, and generally, only use the browser, of which there are many for
Linux.

(PS - I myself have entered my CC info into as few vendors as possible. It's great that
many vendors now have a PayPal option to pay.)