Dirk Munk wrote:
I have Sophos anti-virus (etc.) running on my PC, and a few days ago
it reported a ROP problem with Seamonkey and closed it down.
After restarting Seamonkey everything was fine again.
Sophos gave this trace of the problem:
Mitigation ROP
Platform 10.0.17134/x64 v614 06_3a
PID 18136
Application C:\Program Files\SeaMonkey\seamonkey.exe
Description SeaMonkey 2.49.3
Callee Type LoadLibrary
Stack Trace
# Address Module Location
-- ---------------- ------------------------
----------------------------------------
1 00007FFD8A0FBC4D KernelBase.dll
2 00007FFD8D6927D7 ntdll.dll
3 00007FFD8D67AC26 ntdll.dll __C_specific_handler +0x96
4 00007FFD8D68EDCD ntdll.dll __chkstk +0x11d
5 00007FFD8D5F6C86 ntdll.dll
6 00007FFD8D68DCFE ntdll.dll KiUserExceptionDispatcher +0x2e
7 00007FFD3CFAF0FD xul.dll
80791000 CMP BYTE
[RCX+0x10], 0x0
7465 JZ 0x7ffd3cfaf168
83b91c2b000000 CMP DWORD
[RCX+0x2b1c], 0x0
7416 JZ 0x7ffd3cfaf122
498bc0 MOV RAX, R8
482500f0ffff AND RAX,
0xfffffffffffff000
488b4008 MOV RAX, [RAX+0x8]
83b87008000000 CMP DWORD
[RAX+0x870], 0x0
7446 JZ 0x7ffd3cfaf168
4d85c0 TEST R8, R8
740c JZ 0x7ffd3cfaf133
4881cae8ff0f00 OR RDX, 0xfffe8
833a01 CMP DWORD [RDX],
0x1
7435 JZ 0x7ffd3cfaf168
498bc0 MOV RAX, R8
4981e0a0c0ffff AND R8,
0xffffffffffffc0a0
8 00007FFD3A505F69 xul.dll
9 00007FFD3A50611B xul.dll
10 00007FFD3CFF9A07 xul.dll
Process Trace
1 C:\Program Files\SeaMonkey\seamonkey.exe [18136]
2 C:\Windows\explorer.exe [11128]
3 C:\Windows\System32\userinit.exe [10980]
4 C:\Windows\System32\winlogon.exe [812]
winlogon.exe
Thumbprint
6b7c6ddb5008f8cfec2b72d6c65841972bb2c3f0f227ed14ea6b1187aec1429d
This is a security problem. According to Sophos, Seamonkey is doing
something it should not be doing, perhaps executing a piece of malicious
code from a web site?
I've seen the problem more often now, and I wonder if someone can have a
look at it?
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
