[regression] firefox dies with SIGILL on machines without SSE2

Bug #1697800 reported by hackerb9
This bug affects 3 people
Affects: firefox (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Ubuntu Security Team

Bug Description

I'm running Ubuntu 16.04 on an old laptop. Firefox used to work
fine until I did an 'apt upgrade'.

Worked: 50.1.0+build2-0ubuntu0.16.04.1
Fails: 53.0.3+build1-0ubuntu0.16.04.2

The bug was a little tricky to track down since AppArmor was killing
firefox. I believe the AppArmor error is irrelevant for this bug
report, but I mention it for completeness (and so other people can
google for this problem):

    "/usr/bin/python3: error while loading shared libraries:
    cannot apply additional memory protection after relocation:
    Permission denied"

I disabled AppArmor (aa-disable '/usr/lib/firefox/firefox{,*[^s][^h]}')
and now Firefox dies like so:

    ExceptionHandler::GenerateDump cloned child 14258
    ExceptionHandler::SendContinueSignalToChild sent continue signal to child
    ExceptionHandler::WaitForContinueSignal waiting for continue signal...
    Failed to open curl lib from binary, use libcurl.so instead

Using gdb to figure it out, I see that the process is getting SIGILL
(Illegal Instruction). To figure out exactly which instruction is the
problem, I ran gdb as follows:

    $ gdb /usr/lib/firefox/firefox
    GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.04) 7.11.1
    [...]
    Reading symbols from /usr/lib/firefox/firefox...(no debugging symbols found)...done.
    (gdb) set disassemble-next-line on
    (gdb) run
    Starting program: /usr/lib/firefox/firefox
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
    [New Thread 0xb15c4b40 (LWP 14296)]
    [Thread 0xb15c4b40 (LWP 14296) exited]
    warning: Corrupted shared library list: 0xb794cc00 != 0xb794b800
    [...]
    Thread 1 "firefox" received signal SIGILL, Illegal instruction.
    0x4b9f826c in ?? ()
    => 0x4b9f826c: f2 0f 11 74 24 30 movsd %xmm6,0x30(%esp)

MOVSD is an SSE2 instruction, which my machine does not support.

    $ grep flags /proc/cpuinfo
    flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pse36 mmx fxsr sse

I had been under the impression that firefox is supposed to only use
SSE2 if it is available. Is that not correct? It certainly used to
work. Perhaps there is something wrong in how Ubuntu is building the
binary.

[Side note: There are actually two "movsd" instructions for the Intel
x86 architecture. The original one (Move String, opcode A5) is
supported by everything back to the 80386, but this one (Move Scalar,
opcode F2 0F 11) requires SSE2. Maybe that is the source of the
confusion.]

Thank you.

    $ lsb_release -rd
    Description: Ubuntu 16.04.2 LTS
    Release: 16.04

    $ apt-cache policy firefox
    firefox:
      Installed: 53.0.3+build1-0ubuntu0.16.04.2
      Candidate: 53.0.3+build1-0ubuntu0.16.04.2
      Version table:
     *** 53.0.3+build1-0ubuntu0.16.04.2 500
            500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages
            500 http://security.ubuntu.com/ubuntu xenial-security/main i386 Packages
            100 /var/lib/dpkg/status
         45.0.2+build1-0ubuntu1 500
            500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages

tags: added: regression-update
summary: - firefox dies with SIGILL on machines without SSE2
+ [regression] firefox dies with SIGILL on machines without SSE2
Simon Déziel (sdeziel) wrote :

Looks like it would be intentional according to https://www.mozilla.org/en-US/firefox/53.0/releasenotes/ :

"Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron"

Also, for Windows, they require SSE2 since Firefox 49.

Changed in firefox (Ubuntu):
assignee: nobody → Canonical Security Team (canonical-security)
hackerb9 (hackerb9) wrote :

I tried the version just released,
54.0+build3-0ubuntu0.16.04.1, and it appears Firefox is working again
on a machine without SSE2. Thank you!

I don't see anything in 'apt changelog firefox' describing what was
done to fix it, though. Was it recompiled with different flags?
This isn't just accidentally working, right?

hackerb9 (hackerb9) wrote :

Spoke too soon. Firefox does still die of SIGILL, it just doesn't die
immediately. It is still choking on an SSE2 instruction, though, so
this is the same bug.

    Thread 1 "firefox" received signal SIGILL, Illegal instruction.
    0xb20eab29 in ?? () from /usr/lib/firefox/libxul.so
    => 0xb20eab29: 66 0f 6c cc punpcklqdq %xmm4,%xmm1
    (gdb)

hackerb9 (hackerb9) wrote :

You can trigger a crash immediately on a machine without SSE2 by
running firefox 54 like so:

    firefox https://www.quirksmode.org/html5/videos/big_buck_bunny.mp4

(Note that it must be an mp4 video. VP8 and Vorbis still work fine.)

hackerb9 (hackerb9) wrote :

It looks like this has been in the works for a while and Mozilla had intended for Firefox to detect SSE2 support in the installer and in the automatic updates. Of course, Ubuntu is skipping both of those.

  https://bugzilla.mozilla.org/show_bug.cgi?id=1308167

It's urgent that this gets fixed. The way things are right now, if people do a normal upgrade to 16.04, they can end up with a broken system.

Seth Arnold (seth-arnold) wrote :

None of the upgrade tools are in a position to check architecture features before installing a package. There may not be a happy solution here.

Once you downgrade to a working version of Firefox you can use

sudo apt-mark hold firefox

to try to keep the updating tools from replacing it.

Note that doing this will prevent you from getting security updates for Firefox.

To undo this operation you can run

sudo apt-mark unhold firefox

Do not undertake this step lightly -- running a known-insecure web browser is probably a bad idea.

Thanks
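The reporter's `/proc/cpuinfo` check and Seth's `apt-mark hold` advice, combined into one pre-upgrade check. This is an added example, not code from the bug report or from Ubuntu; it assumes the "Firefox 53 and later need SSE2" threshold from the release note quoted above and reads the same `flags :` line the reporter grepped (a constructed sample without sse2 is embedded so it runs anywhere).

```shell
#!/bin/sh
# Added example (not from the bug report): before an 'apt upgrade', decide
# whether a Firefox build that assumes SSE2 would SIGILL on this CPU.

# Constructed sample in the shape of the reporter's /proc/cpuinfo (no sse2).
SAMPLE_CPUINFO='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pse36 mmx fxsr sse
bogomips : 1795.31'

# cpu_has_flag FLAG [FILE]: succeed if FLAG is a whole word on the first
# "flags" line of FILE (default /proc/cpuinfo). All cores share the flags.
cpu_has_flag() {
    flag=$1
    file=${2:-/proc/cpuinfo}
    grep '^flags' "$file" | head -n 1 | tr ' ' '\n' | grep -qx "$flag"
}

# firefox_major VERSION: major number of a Debian version string,
# e.g. 53.0.3+build1-0ubuntu0.16.04.2 -> 53.
firefox_major() {
    printf '%s\n' "$1" | sed 's/[^0-9].*//'
}

# firefox_needs_sse2 VERSION: assumption taken from the Firefox 53 release
# note quoted in this thread (Linux builds 53+ require SSE2).
firefox_needs_sse2() {
    [ "$(firefox_major "$1")" -ge 53 ]
}

# upgrade_would_sigill VERSION [FILE]: succeed when installing VERSION on the
# CPU described by FILE would hit the SIGILL reported in this bug.
upgrade_would_sigill() {
    firefox_needs_sse2 "$1" && ! cpu_has_flag sse2 "${2:-/proc/cpuinfo}"
}

main() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_CPUINFO" > "$tmp"
    for v in 50.1.0+build2-0ubuntu0.16.04.1 53.0.3+build1-0ubuntu0.16.04.2; do
        if upgrade_would_sigill "$v" "$tmp"; then
            echo "$v: would SIGILL on this CPU (no sse2)."
            echo "  Stay on the working version with: sudo apt-mark hold firefox"
            echo "  (this also blocks Firefox security updates; unhold later)"
        else
            echo "$v: runs on this CPU"
        fi
    done
    rm -f "$tmp"
}
main "$@"
```

Drop the second argument to `cpu_has_flag` / `upgrade_would_sigill` to check the real `/proc/cpuinfo` of the machine you are about to upgrade.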

hackerb9 (hackerb9) wrote :

By the way, since this problem is already causing Ubuntu LTS systems to break, it may make sense to implement a quick stopgap solution. One possibility is to change the version of Firefox in 16.04 to "firefox-esr" (Extended Support Release). While this release will only be supported by Mozilla until March 2018, which is not enough for LTS, it's available now and works.

https://support.mozilla.org/en-US/kb/your-hardware-no-longer-supported:

    "Firefox Extended Support Release (ESR) will continue to work with older processors but will not receive updates beyond ESR version 52. Firefox ESR version 59, scheduled for release in March 2018, will no longer be supported."

You can find ESR here: https://www.mozilla.org/en-US/firefox/organizations/

hackerb9 (hackerb9) wrote :

Seth writes, "running a known-insecure web browser is probably a bad idea."

Agreed. Except I would say "definitely".

It's important that Ubuntu gets some sort of a fix soon. I've already seen a person asking on a forum how to downgrade and being told to install a third party package by hand. This is no better, and possibly worse from a security perspective.

Seth also writes, "None of the upgrade tools are in a position to check architecture features before installing a package. There may not be a happy solution here."

Again, I agree, the solutions I'm coming up with are not particularly happy. However, a solution is needed. In the short term, switching to ESR (as mentioned above) would let Firefox work on all supported architectures and have security updates. For the long term, well, I don't want to clutter up this bug — which is about an urgent problem needing an immediate solution — so I've filed Bug 1698501. I'll continue my response there.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox (Ubuntu):
status: New → Confirmed
Changed in firefox (Ubuntu):
assignee: Canonical Security Team (canonical-security) → Ubuntu Security Team (ubuntu-security)
hackerb9 (hackerb9) wrote :

Nearly a year later, this is still an immediate problem. For people finding this bug via Google, the only fix I've found that cares about security is to use Debian GNU/Linux instead of Ubuntu and `apt install firefox-esr`. This works because the stable (Stretch) version of Debian uses Firefox-ESR 52.9.0 which was released last month (https://www.mozilla.org/en-US/firefox/52.9.0/releasenotes/).

However, I notice that the next Extended Support Release of Firefox will be based on version 60, and thus I presume will have the same SIGILL problems due to an incorrect ABI if it is compiled in the same way as the current Firefox. So Debian will not be a panacea.

I understand that time marches on, as do ABIs, but minor updates to an Ubuntu LTS release should not add new requirements on the CPU architecture.
