Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#10789 closed defect (not a bug)

TBB 3.5.1 not starting (Can't load xpcom)

Reported by: Sherief Owned by: mikeperry
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords:
Cc: mcs, brade, gk, mttp, admin@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A number of users using version 3.5.1 cannot run TBB at all and "start tor browser" gives only this error message "Can't load xpcom".

I told the affected users to do the following:
1) Run TBB as Administrator.
2) Put the Tor Browser folder on the Desktop (or anywhere with read/write permissions).
3) Download a Firefox ESR [0] and see if it produces the same error.

All previous attempts did not work for anyone then one user replaced the xul.dll from 3.5.1 and used the one in version 3.5 and things worked for him. Meanwhile, I sent that user an email requesting the misbehaving xul.dll (gk's suggestion).

[0] https://www.mozilla.org/en-US/firefox/organizations/all.html

Child Tickets

Attachments (1)

reproduce_fun_in_windowsxp.c (875 bytes) - added by cypherpunks 3 years ago.
Reproduces env with virus or antivirus

Download all attachments as: .zip

Change History (29)

comment:1 Changed 3 years ago by Sherief

[update] The user sent his xul.dll file:
https://3.5.1.s3.amazonaws.com/xul.dll_bak

comment:2 Changed 3 years ago by cypherpunks

531cdac6dceb82ba578b4b894de3602eb78313750deb8391dd4563b9a409a478 for SHA256(xul.dll_bak)
531cdac6dceb82ba578b4b894de3602eb78313750deb8391dd4563b9a409a478 for SHA256(xul.dll) from torbrowser-install-3.5.1_en-US.exe

comment:3 Changed 3 years ago by cypherpunks

A number of users using version 3.5.1 cannot run TBB at all and "start tor browser" gives only this error message "Can't load xpcom".

What Windows version? What antivirus installed?

comment:4 Changed 3 years ago by cypherpunks

Difference for imported libs by xuls for 3.5 and 3.51

 Name DLL: msvcr100.dll
 Name DLL: NETAPI32.dll
 Name DLL: ole32.dll
+Name DLL: OLEACC.dll
 Name DLL: OLEAUT32.dll
 Name DLL: PSAPI.DLL
 Name DLL: RASAPI32.DLL

comment:5 Changed 3 years ago by cypherpunks

The same? bug was reported for 3.5 in #10546

comment:6 Changed 3 years ago by cypherpunks

Download a Firefox ESR [0] and see if it produces the same error.

All DLLs for original Firefox is signed. If problem happens for some security software that prevents loading modified dlls while allow any changes if signed code, then original Firefox can't be used as indicator.

comment:7 Changed 3 years ago by gk

Some information Sherief forgot to add to the bug: the users were on Windows 7 and 8 and using a vanilla Firefox 24 ESR produced for one user exactly the same error while it started up successfully for others IIRC.

Changed 3 years ago by cypherpunks

Reproduces env with virus or antivirus

comment:8 Changed 3 years ago by cypherpunks

It's not bug with Firefox or Torbrowser, no code used to load of xul.dll was changed since 24ESR appear:
nsBrowserApp.cpp, nsXPCOMGlue.cpp, FileUtils.cpp

You can to reproduce scenario probably happens for such bug with attached code.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:9 Changed 3 years ago by cypherpunks

Very non-informative message box. Those message happens if something wrong with one of 13 dlls from dependentlibs.list or list file itself. Broken, blocked, by indexer or by antivirus or something yet.
If xul.dll replacement helped for some case it doesn't means all cases is about problem with loading and running this one dll.

comment:10 Changed 3 years ago by mttp

Another clue from an affected user:

I think the issue is with this software : http://www.webroot.com/us/en/
As soon as I uninstall it, TOR works. But with this software installed - it does not.

Last edited 3 years ago by mttp (previous) (diff)

comment:11 Changed 3 years ago by cypherpunks

http://www.webroot.com/us/en/

They offers free trial, but at least 3 different products for PC.
http://www.webroot.com/us/en/home/products/trials
Which one to try?

comment:12 Changed 3 years ago by cypherpunks

Webroot

It was reported as problem for Firefox too.

comment:13 Changed 3 years ago by lunar

I've seen at least 3 occurrences on the help desk today.

comment:14 Changed 3 years ago by phoul

  • Cc admin@… added

comment:15 Changed 3 years ago by cypherpunks

Found report about WSA (v8.0.4.46) (Webroot® SecureAnywhere™) blocking mozglue.dll for vanilla 24ESR. User tried to install fresh firefox but it failed with Application Error (0xc0000022)" and after installing ESR they got "Couldn't load XPCOM."

comment:16 in reply to: ↑ description Changed 3 years ago by cypherpunks

I told the affected users to do the following:
1) Run TBB as Administrator.
2) Put the Tor Browser folder on the Desktop (or anywhere with read/write permissions).
3) Download a Firefox ESR [0] and see if it produces the same error.

Webroot

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:18 follow-up: Changed 3 years ago by cypherpunks

Put the Tor Browser folder on the Desktop (or anywhere with read/write permissions).

Could you to ask users used Webroot to install TBB to new directory explicitly.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:19 Changed 3 years ago by cypherpunks

Webroot

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:20 Changed 3 years ago by cypherpunks

Creating of new user account or installing to different path unlikely can help with case of webroot.
It blocking every changes even if new directory, it's matter only name of file it seems. It named browser protection.
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-doesn-t-like-Google-Chrome/m-p/80691#M5160
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-doesn-t-like-Google-Chrome/m-p/80727#M5163

If user want to install new version of browser they should to manually white-list every blocked files, and don't blame excelent brilliant unbreakable perfect closed-source AV software.
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-doesn-t-like-Google-Chrome/m-p/81317#M5190

Webroot already rooted windowz boxes, relax.

comment:21 Changed 3 years ago by cypherpunks

  • Resolution set to not a bug
  • Status changed from new to closed

comment:22 in reply to: ↑ 18 Changed 3 years ago by mttp

Replying to cypherpunks:

Put the Tor Browser folder on the Desktop (or anywhere with read/write permissions).

Could you to ask users used Webroot to install TBB to new directory explicitly.

I'm not understanding why this would make a difference.

comment:23 Changed 3 years ago by arma

Was this ticket closed because the issue is resolved? Or what? If so, what's the resolution?

comment:24 Changed 3 years ago by arma

In a comment on the blog somebody said:

"Solution: If you have webroot antivirus, go to ---IDENTITY PROTECTION ---Application Protection ---and allow gkmedias.dll in C:\users\..\tor browser\browser"

https://blog.torproject.org/blog/tor-browser-352-released#comment-47052

comment:25 Changed 3 years ago by cypherpunks

Was this ticket closed because the issue is resolved? Or what? If so, what's the resolution?

It's not bug of TBB code, installer, or anything that open-source coders can to fix.
And no workarounds exists that open-source coders can to write.

"Solution: If you have webroot antivirus, go to ---IDENTITY PROTECTION ---Application Protection ---and allow gkmedias.dll in C:\users\..\tor browser\browser"

Or yet 12 another dlls.

It's bug (or feature, whatever they named it) Webroot. Users of Webroot chose to pay for such pain, we should to respect their choice.

comment:26 Changed 3 years ago by cypherpunks

I'm not understanding why this would make a difference.

Webroot showing blocked dlls with path. Idea was that webroot detects changed dll and protect app with such blocking against malware infection. If new path then should be another app, then why to block dll? But seems like it's feature to block every new dll if webroot already known such name and hash different. Or it hardcodes dlls names for browsers and protect it such way.

comment:27 Changed 3 years ago by cypherpunks

Or it hardcodes dlls names for browsers and protect it such way.

https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-doesn-t-like-Google-Chrome/m-p/80709#M5162
They need to whitelist every new update for browser. 99.9% protection ftw! Next level is to turn off your box then 100% protection guaranteed.

comment:28 Changed 3 years ago by cypherpunks

Very non-informative message box. Those message happens if something wrong with one of 13 dlls from dependentlibs.list or list file itself.

https://bugzilla.mozilla.org/show_bug.cgi?id=972932

You could to add more details and help with fix.

Note: See TracTickets for help on using tickets.