Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Mozilla Firefox (and add-ons) Protection Layer: Protection Against OS Security Bypass Protection Technique: Exploit ROP gadget attack blocked
Firefox updated yesterday to ver 90.0.1 (64-bit). Today when I open Firefox browser, Malwarebytes blocks an exploit with this message:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/21/21
Protection Event Time: 1:37 PM
Log File: 577494dc-ea4a-11eb-a649-54bf641896a0.json

-Software Information-
Version: 4.4.2.123
Components Version: 1.0.1358
Update Package Version: 1.0.43331
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1110)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: Mozilla Firefox (and add-ons)
Protection Layer: Protection Against OS Security Bypass
Protection Technique: Exploit ROP gadget attack blocked
File Name:
URL:

(end)
When I open in safe mode, no problem. I cannot find the extension causing the problem.
All Replies (8)
Do you want to share your extensions list? You can copy/paste it from the Troubleshooting Information page. Either:
- "3-bar" menu button > Help > More Troubleshooting Information
- (menu bar) Help > More Troubleshooting Information
- type or paste about:support in the address bar and press Enter
Scroll down past "Application Basics" and "Firefox Features" to "Add-ons". Then you can select and copy the table that follows (not the entire page, please, that's too much information) using either Ctrl+c or right-click > Copy and then paste it into a reply. It will be messy, but we're used to it.
- AdBlocker Ultimate
- Chrome Store Foxified
- Disconnect
- Eno® from Capital One®
- F.B Purity - Cleans up Facebook
- HTTPS Everywhere
- LastPass: Free Password Manager
- Malwarebytes Browser Guard
- Page Translator Revised
- WebRTC Control
The only extension recently updated is LastPass. I have disabled it, uninstalled it and I still get the exploit message with or without LastPass. No problems with Chrome.
Can you try:
- AdBlocker Ultimate - ENABLED
- Chrome Store Foxified - DISABLED
- Disconnect - ENABLED
- Eno® from Capital One® - DISABLED
- F.B Purity - Cleans up Facebook - DISABLED
- HTTPS Everywhere - DISABLED
- LastPass: Free Password Manager - ENABLED
- Malwarebytes Browser Guard - ENABLED
- Page Translator Revised - DISABLED
- WebRTC Control - DISABLED
Thanks for the advice. Unfortunately, same result. I do have Malwarebytes Premium. What I had to do is remove protection against RET ROP gadget protection. Not so sure I am comfortable with it.
Did you try disabling the four other extensions to see whether that makes any difference?
When I run a site-targeted Google search of Malwarebytes' site, most of the results are quite old now:
https://www.google.com/search?q=firefox+RET+ROP+gadget+protection+site%3Amalwarebytes.com
Note that disabling an extension might not be sufficient since the extension is still installed and present. Only an uninstall would work in this case.
Doesn't Malwarebytes give more detail, e.g. in the log file (577494dc-ea4a-11eb-a649-54bf641896a0.json)?
I tried it with the extensions uninstalled as well. No other info from Malwarebytes other than what I posted. I'm still checking in their forum. What I found is advice to do what I did to stop the message.
UPDATE:
I decided to reinstall Malwarebytes. There was an update today which I did install, but the problem persisted. So I reinstalled the program entirely. Problem gone! Thanks so much for your help!