itman 1,801 Posted July 29 Posted July 29 (edited) Per the below Browser protection log entries, this has happened to date for two Firefox updates. Appears Firefox attempts to load updated .dlls into memory and Eset blocks the activity. Luckily, it only happens at Firefox update time and does not occur on subsequent Firefox startups thereafter; Quote Time;Action;File;Hash;Information;User 6/25/2024 11:35:35 AM;Blocked;c:\program files\mozilla firefox\mozglue.dll;27C73014334E04778992D7BCA18BB7ECAFA65680;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:01 AM;Blocked;c:\program files\mozilla firefox\nss3.dll;252E64F4C98045F35E729414B58B86C432E33D16;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:01 AM;Blocked;c:\program files\mozilla firefox\gkcodecs.dll;5EE30BE8EC53997C9C8F78F359D122DB1C915D98;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:01 AM;Blocked;c:\program files\mozilla firefox\lgpllibs.dll;AE8BC5383218301F97FE55336D2C5F1793BD1246;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:04 AM;Blocked;c:\program files\mozilla firefox\xul.dll;D4B6F0222712DE27DBFF6958D682CDEBCF0B91C2;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:05 AM;Blocked;c:\program files\mozilla firefox\softokn3.dll;9BD0F99EA295BF19251A6CBB7FDC4036B1B875BD;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:05 AM;Blocked;c:\program files\mozilla firefox\freebl3.dll;28E44614BF2CBD2B60C7C4816FE7595B118FFC7D;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:05 AM;Blocked;c:\program files\mozilla firefox\ipcclientcerts.dll;EE5A466DA479FD3F3CEB8B3CA28FC09C08F0819A;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:05 AM;Blocked;c:\program files\mozilla firefox\libglesv2.dll;B556C120716B02578BDDCAEABCF1DC90CB65113A;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:05 AM;Blocked;c:\program files\mozilla firefox\libegl.dll;62E488CB1FCDE82269981BEA6FA622C444DEC578;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:07 AM;Blocked;c:\program files\mozilla firefox\nssckbi.dll;DE812FB818AC53AF8FB921EF3360BDCC43A3CA44;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:08 AM;Blocked;c:\program files\mozilla firefox\osclientcerts.dll;BFBBE38628276709C04C039F082AF56B367C6C87;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:09 AM;Blocked;c:\program files\mozilla firefox\mozavcodec.dll;5AE2E014729ABD2E4A3EA5ED15B24E07F38EEA91;Untrusted file;xxxxxxxxxx 6/25/2024 11:36:31 AM;Blocked;c:\program files\mozilla firefox\mozavutil.dll;FAD8A8BE7816A8ACE3057614E7311E42AA504D28;Untrusted file;xxxxxxxxxx 7/26/2024 10:53:40 AM;Blocked;c:\program files\mozilla firefox\mozglue.dll;6B3A6C2B9884D0A92178B9D4BD345D4A6EB0EC7B;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:23 AM;Blocked;c:\program files\mozilla firefox\nss3.dll;A64643758917B9715B037C9FD0B960D748139BBE;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:23 AM;Blocked;c:\program files\mozilla firefox\gkcodecs.dll;A83ECF57AF41B84EE0ABFBE4CCAAE074EC18EEDE;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:23 AM;Blocked;c:\program files\mozilla firefox\lgpllibs.dll;704CA20B86FADA5929F3BB0FFE731F6DA79AF605;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:26 AM;Blocked;c:\program files\mozilla firefox\xul.dll;C5EECFDB7E4B7E03866753EDD5833EB8067116FB;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:27 AM;Blocked;c:\program files\mozilla firefox\softokn3.dll;5AEEEF7EEF209AED6E1F23849CDFD46C3BEABA5B;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:27 AM;Blocked;c:\program files\mozilla firefox\freebl3.dll;3B318C4A05477A24973DA22C3A8A9DAF29C6F10D;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:27 AM;Blocked;c:\program files\mozilla firefox\ipcclientcerts.dll;5268E22B982BF35F93F173287FD11E70BC616DF2;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:27 AM;Blocked;c:\program files\mozilla firefox\libglesv2.dll;FA36A2866D232DA41910AB8484D20E4259459291;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:27 AM;Blocked;c:\program files\mozilla firefox\libegl.dll;EC434693316251F3D6EFD7AC581F0CEADCE29E62;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:29 AM;Blocked;c:\program files\mozilla firefox\nssckbi.dll;FDF27C78B2AD7AF446ECC22D16DF12BC80E68139;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:30 AM;Blocked;c:\program files\mozilla firefox\osclientcerts.dll;E3FE5E197FFEDA0EFD2CDB8C0DCAFF6DFFD6DA5C;Untrusted file;xxxxxxxxxx 7/26/2024 10:54:31 AM;Blocked;c:\program files\mozilla firefox\mozavcodec.dll;2471109DA279E5D05480B5006E4BE453EFC34CC1;Untrusted file;xxxxxxxxxx 7/26/2024 10:55:44 AM;Blocked;c:\program files\mozilla firefox\mozavutil.dll;893386C71B520BB28196B7060534FB7A778DA2A0;Untrusted file;xxxxxxxxxx Edited July 29 by itman
itman 1,801 Posted July 29 Author Posted July 29 (edited) Forgot to mention this. Based on the file time stamps in the Firefox directory for the 7/26 update, it appears Firefox attempted to load the updated .dlls into its memory space prior to the files being updated in its directory. The file updating actually occurring on directed manual restart of Firefox. Edited July 29 by itman
Administrators Marcos 5,450 Posted July 29 Administrators Posted July 29 It's weird that the dlls were considered untrusted since the certificate was whitelisted in May already. I'm waiting for developers to comment it.
itman 1,801 Posted July 29 Author Posted July 29 (edited) 3 hours ago, Marcos said: It's weird that the dlls were considered untrusted since the certificate was whitelisted in May already. As far as the cert. associated with the 7/26 updated .dlls, it shows a signing date of 7/25/2024. Cert. was a code signing one issued by Digicert; Also, I never received any Eset alert these .dlls were blocked. Edited July 29 by itman
itman 1,801 Posted July 30 Author Posted July 30 (edited) Yesterday I went to a web site that I frequent often to make a purchase. Firefox locked up as noted previously in this forum posting: https://forum.eset.com/topic/41758-firefox-hangs-in-ver-172/ . This has never happened previously when accessing this web site. I have had it with the Secure all browsers feature. It no longer works properly with Firefox and I am tired of trying to get it to work. As long as Safe Banking Browser protection works w/o issue that is sufficient for me. Edited July 30 by itman micasayyo 1
itman 1,801 Posted July 30 Author Posted July 30 Since I can't use Secure all browsers option with Firefox, I would like to see the Websites redirection feature added back to ver. 17. This would allow me to manually add web site URLs that would auto open upon access to Safe Banking secured browser mode. This option would only be effective if Secure all browsers mode is disabled.
ESET Staff constexpr 47 Posted July 31 ESET Staff Posted July 31 Having a problem with Firefox even after restarting the browser (in Secure All Browsers mode)? We're looking into it, but once Firefox update was blocked, it should be allowed the next time it's launched.
Administrators Marcos 5,450 Posted July 31 Administrators Posted July 31 @itman please provide C:\ProgramData\ESET\ESET Security\local.db for a check.
itman 1,801 Posted July 31 Author Posted July 31 3 hours ago, Marcos said: @itman please provide C:\ProgramData\ESET\ESET Security\local.db for a check. Note, Secure all browsers is disabled when the file was created; local.zip
itman 1,801 Posted July 31 Author Posted July 31 (edited) 4 hours ago, constexpr said: Having a problem with Firefox even after restarting the browser (in Secure All Browsers mode)? I have been having the Eset ver. 17 lockup issue w/loss of Internet connectivity in Firefox w/Secure all browsers enabled since ver. 127. It got worse with ver. 128. Edited July 31 by itman
Administrators Marcos 5,450 Posted July 31 Administrators Posted July 31 We are in touch with Mozilla developers and they will try to make some changes that might help mitigate this issue. We'll see in future versions of Firefox if it helps. DanielJUK and Peter Randziak 2
itman 1,801 Posted July 31 Author Posted July 31 (edited) 20 hours ago, Marcos said: We are in touch with Mozilla developers and they will try to make some changes that might help mitigate this issue. We'll see in future versions of Firefox if it helps. Sounds like this will take some time to resolve; if it does get resolved. I would still like to see Websites redirection feature added back. Note I am referring to user manual addition of web site URLs; not the past problematic Eset auto creation of same. The feature should have never been removed for just this situation. Edited August 1 by itman
Recommended Posts