Bug 690139 - 3432 crashes in the last week. Bug 688637 - 6691 crashes in the last week Both crashes are highly correlated to: 99% (430/435) vs. 2% (2628/116041) {D19CA586-DD6C-4a0a-96F8-14644F340D60} 59% (256/435) vs. 4% (4235/116041) {4ED1F68A-5463-4931-9384-8FFF5ED91D92 and are hitting 6.0.2 and 7 users. KaiRo makes a good point in Bug 688637 Comment 3.

Umm, we should give an explicit version range for both the add-ons and the product versions on which to block them. As this is not a malicious thing by itself, I think we should softblock (i.e. allow users to enable again) and only block the actual range of versions that cause problems.

Yes, working on getting that now. (In reply to Robert Kaiser (:kairo@mozilla.com) from comment #1) > Umm, we should give an explicit version range for both the add-ons and the > product versions on which to block them. As this is not a malicious thing by > itself, I think we should softblock (i.e. allow users to enable again) and > only block the actual range of versions that cause problems.

Just for historical purposes, last time we blocked Site Advisor we did it a hardblock. See Bug 660111.

McAfee SiteAdvisor Extension ID: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} Extension Version: <= 3.4.0 Firefox Version: >= McAfee Script Scan Extension ID: {D19CA586-DD6C-4a0a-96F8-14644F340D60} Extension Version: <= 14.4.0 Firefox Version: >= Regarding Firefox versions, these crashes happen across most major versions - I can roll up a list of all versions, unless we just want to block the highest volume versions. https://community.mcafee.com/message/207139 has some screenshot of the extensions in action.

Across all Firefox versions should be OK if we have a max version of the add-on that's blocked, so they can release a fixed version easily.

I have installed the combination of Site Advisor and Script Scan (Total Protection Package) in the QA lab but have not yet been able to reproduce the crash. McAfee is aware of the issue and we are working on refining the block criteria.

I've staged the block and it's ready for testing: https://wiki.mozilla.org/Blocklisting/Testing https://addons-dev.allizom.org/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/7.0/Firefox/20101228030339/Darwin_x86_64-gcc3-u-i386-x86_64/en-US/nightly/Darwin%2010.6.0/default/default/10/ <emItem blockID="i48" id="{D19CA586-DD6C-4a0a-96F8-14644F340D60}"> <versionRange minVersion="0.1" maxVersion="14.4.0" severity="1"></versionRange> </emItem>

Looks good. I tested using the following versions on XP: Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0 Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0 Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 I also tested three different versions on a Windows 7 x64 machine and the blocklist was fine.

For the sake of completeness, here are the 3 Win 7 versions: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2) Gecko/20110930 Firefox/9.0a2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2

Thanks Marcia. I'll block this tomorrow morning in production (I try not to block on weekends when I may not be around to deal with any issues)

Blocked in prod: https://addons.mozilla.org/en-US/firefox/blocked/i42

It looks like McAfee made a mistake with VirusScan Enterprise 8.8 Patch 1, their install.rdf for ScriptScan now contains: <em:id>{D19CA586-DD6C-4a0a-96F8-14644F340D60}</em:id> <em:type>2</em:type> <em:name>IDS_SS_NAME</em:name> <em:version>IDS_SS_VERSION</em:version> <em:creator>McAfee, Inc.</em:creator> Which means, no version info. The Scriptff.dll file now has version 14.4.0.354 (or 14.4.0.375 if you have installed Hotfix 625756 - https://kc.mcafee.com/corporate/index?page=content&id=KB71083) Is the blocklist looking at the install.rdf version or the dll version? Does the 8.8P1 version still causes crashes? More important, should this bug be reopened?