Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Mozilla Firefox (and add-ons) Protection Layer: Protection Against OS Security Bypass Protection Technique: Exploit ROP gadget attack blocked

  • 8 replies
  • 1 has this problem
  • 22 views
  • Last reply by ItBme

more options

Firefox updated yesterday to ver 90.0.1 (64-bit). Today when I open Firefox browser, Malwarebytes blocks an exploit with thiis message: Malwarebytes www.malwarebytes.com

-Log Details- Protection Event Date: 7/21/21 Protection Event Time: 1:37 PM Log File: 577494dc-ea4a-11eb-a649-54bf641896a0.json

-Software Information- Version: 4.4.2.123 Components Version: 1.0.1358 Update Package Version: 1.0.43331 License: Premium

-System Information- OS: Windows 10 (Build 19043.1110) CPU: x64 File System: NTFS User: System

-Exploit Details- File: 0 (No malicious items detected)

Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, ,

-Exploit Data- Affected Application: Mozilla Firefox (and add-ons) Protection Layer: Protection Against OS Security Bypass Protection Technique: Exploit ROP gadget attack blocked File Name: URL:


(end)


When I open in safe mode, no problem. I can not find the extension causing the problem

All Replies (8)

more options

Do you want to share your extensions list? You can copy/paste it from the Troubleshooting Information page. Either:

  • "3-bar" menu button > Help > More Troubleshooting Information
  • (menu bar) Help > More Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

Scroll down past "Application Basics" and "Firefox Features" to "Add-ons". Then you can select and copy the table that follows (not the entire page, please, that's too much information) using either Ctrl+c or right-click > Copy and then paste it into a reply. It will be messy, but we're used it.

Helpful?

more options

AdBlocker Ultimate Chrome Store Foxified Disconnect Eno® from Capital One® F.B Purity - Cleans up Facebook HTTPS Everywhere LastPass: Free Password Manager Malwarebytes Browser Guard Page Translator Revised WebRTC Control

The only extension recently updated is LastPass. I have disabled it, uninstalled it and I still get the exploit message with or without lastpass. No problems with Chrome

Helpful?

more options

Can you try:

AdBlocker Ultimate - ENABLED Chrome Store Foxified - DISABLED Disconnect - ENABLED Eno® from Capital One® - DISABLED F.B Purity - Cleans up Facebook - DISABLED HTTPS Everywhere - DISABLED LastPass: Free Password Manager - ENABLED Malwarebytes Browser Guard - ENABLED Page Translator Revised - DISABLED WebRTC Control - DISABLED

Helpful?

more options

Thanks for the advise. Unfortunately, same result. I do have Malwarebytes Premium. What had to do is remove protection against RET ROP gadget protection. Not so sure I am comfortable with it.

Helpful?

more options

Did you try disabling the four other extensions to see whether that makes any difference?

When I run a site-targeted Google search of Malwarebytes' site, most of the results are quite old now:

https://www.google.com/search?q=firefox+RET+ROP+gadget+protection+site%3Amalwarebytes.com

Helpful?

more options

Note that disabling an extension might not be sufficient since the extension is still installed and present. Only an uninstall would work in this case.

Doesn't give Malwarebytes' give more detail e.g. in the log file (577494dc-ea4a-11eb-a649-54bf641896a0.json) ?

Helpful?

more options

I tried it with the extensions uninstalled as well. No other info from Malwarebytes other than what I posted. I'm still checking in their forum. What I found is advice to do what I did to stop the message

Helpful?

more options

UPDATE:

I decided to reinstall Malwarebytes. There was an update today which I did install, but the problem persisted. So reinstalled the program entirely. Problem gone! Thanks so much for your help!

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.