FF broke on JAR50.DLL

Hi malware fighters,

I had to reinstall Firefox, because it would not start because of a repeated error in JAR50.DLL a mozilla file in FF 1.5.0.6.
The error occured when I tried to activate McAfeeSiteAdvisor.
Also found an Exell file inside the plug-ins named Capture Analysis (Joel R. Helgerson) with all various UDP ports, but these two things might not being associated. Why the JAR50.DLL got corrupted and took the whole browser down, so that it could not be started, is not clear to me. Anyone having an idea?
I still have Flock on the same configuration, and recently brought to the latetst version. But these things still make me aware.

polonus

I’m using Firefox 1.5.0.6 and McAfee SiteAdvisor 23.0.3532.
No trouble… untill now…

Hi Tech,

The jar50.dll thing in the start up is a known bug, and
ok, i just took a peek at it and there are some missing fields in the firefox.exe portion of the script. these fields are required by other programs to communicate with firefox because they are integrated together.
It is even possible that FF refuses to start when a trojan tries to hijack it, which is actually good, because IE and a FW would not warn you at all. Not that this should be the case here, I think this is a cooruption, because of a plug-in not working properly, and a fresh re-install was needed.
But there are more sides to this bug, and it can also appear when there are problems with Flash Player.
The sequences of dll calls are critical, and to debug you have to have to copy such an event. This is to show that browser security isn’t easy, no it is not easy at all.
Anyway this kind of problem also was found in Netscape, and with the XP SP1 installing routine.

I looked into this with dependency walker, it started with error opening file for the dependant dlls like XPCOM_CORE.DLL. NSPR4.DLL. PLC4.DLL, PLDS4.DLL there are allecation errors there. So the error opening files is a genuine bug. But this could be of a different search path for FF: (dynamic C exports to separate functions and looking in module’s file header) to explain dependency walkers findings,

after trying a bug with following code on FF 1.5.0.6 JAR50.DLL also collapsed, and the browser could not be started.

window.navigator = (0x01020304 / 2);
java.lang.reflect.Runtime.newInstance( java.lang.Class.forName(“java.lang.Runtime”), 0);

polonus

Hello forum folks,

Well I have to take back my words after a plc4.dll or jar50.dll crash, it is possible to let the browser run after restarting the computer.

Just to let you know. Other thing is never had these stability problems after an upload or crash with the Flock browser.
The call to LoadLibrary(ext) failed, Win32 error 127
For example some component DLL might load fine, but others won’t because entry points are missing or floating point exeptions (bit precision (80 where 60 is accepted) crash by Mozilla control). This can cause bizarre behaviour where some components can be created but not others.

This could lead to Delphi coded malware, mark my words.

polonus

Using F.F. 1.5.0.6 and site advisor 21.0 3532 with no problems here.