[Update 2/18/2020: Mozilla has released Firefox 73.0.1 which reportedly fixes the compatibility issue with 0patch and some other security products. If you implemented the steps for temporarily excluding Firefox from injection by 0patch Agent, you can revert that as explained below.]
Mozilla Firefox 73 has a compatibility issue with 0patch Agent that can lead to Firefox silently crashing upon launching. This manifests itself in Firefox simply not launching when you try to run it, while the Application event log shows an Application Error (event ID 1000) for process firefox.exe.
We were initially made aware of this issue by a kind user involved with testing Firefox Nightly version 73, and tried to find a solution with the Firefox team. Apparently the new Firefox includes a functionality that requires hooking the LdrLoadDll Windows API function. Unfortunately, 0patch Agent also tries to do the same, and when Firefox wins the race, it doesn't crash but when 0patch wins the race, Firefox crashes.
You can see the issue tracked in Mozilla's Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1604008
Users of Firefox may or may not be affected by this - if you see Firefox producing an Application Error in the Application event log, you can instruct 0patch Agent to exclude Firefox from injection via Registry.
Excluding Firefox from injection by 0patch Agent
As administrator, set the registry value HKLM\Software\0patch\ExcludeModules to "firefox.exe" (without quotes). Then to enforce this new setting without restarting your computer, change the value of HKLM\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll\Counter to any other number than it already has (this removes 0patch loader from all processes), and restart the 0patch Service.
This can be done using the following command-line script executed as administrator:
PowerShell
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "firefox.exe" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d $(Get-Random) /f
net stop 0patchService
net start 0patchService
Command Prompt / cmd.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "firefox.exe" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d %random%%random% /f
net stop 0patchService
net start 0patchService
Re-including Firefox for injection by 0patch Agent
As administrator, set the registry value HKLM\Software\0patch\ExcludeModules to an empty string. Then to enforce this new setting without restarting your computer, change the value of HKLM\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll\Counter to any other number than it already has (this removes 0patch loader from all processes), and restart the 0patch Service.
This can be done using the following command-line script executed as administrator:
PowerShell
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d $(Get-Random) /f
net stop 0patchService
net start 0patchService
Command Prompt / cmd.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch /v ExcludeModules /t REG_SZ /d "" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll /v Counter /t REG_DWORD /d %random%%random% /f
net stop 0patchService
net start 0patchService
7 Comments