Results 1 to 10 of 10
  1. #1
    New Lounger
    Join Date
    Jul 2013
    Posts
    21
    Thanks
    2
    Thanked 3 Times in 2 Posts

    [Solved] Firefox crashes after installing KB 2912390 after Feb 2014 Patch Tuesday

    This is also posted on the Windows 7 Forum.

    Thirteen or 14 updates for February 2014 Patch Tuesday. All installed correctly in my machine (specs below) except for KB2912390. That install crashed Mozilla Firefox. (my browser of choice) version 27. Have hidden that update until it gets fixed. It did not crash IE9.

    Windows 7 Professional 64 bit
    System Supermicro C7P67 motherboard
    Nvidia 570 video card with 1.2 gig
    2 1 gig WD Black 1 gig drives
    16 gigs Crucial memory
    Nvidia driver 331.82 driver

    Thanks in advance for any suggestions.

  2. Subscribe to our Windows Secrets Newsletter - It's Free!

    Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    If you have IE9 but use only Firefox, you probably don't need KB 2912390

    Uninstall KB 2670838 instead!

    What might an attacker use the vulnerability to do?
    An attacker who successfully exploited this vulnerability could cause arbitrary code to run with the privileges of the user who opens a specially crafted file or browses a website that contains specially crafted content. If the user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    How could an attacker exploit the vulnerability?
    An attacker could exploit the vulnerability by hosting a specially crafted website that is designed to invoke Direct2D through Internet Explorer. This can also include compromised websites and websites that accept or host user-provided content. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.

    In a file sharing attack scenario, an attacker could provide a specially crafted file that is designed to exploit this vulnerability, and then convince a user to open the file.

    What systems are primarily at risk from the vulnerability?
    Workstations and terminal servers are primarily at risk.

    Note For systems running Windows 7 and Windows Server 2008 R2, these systems are at risk from the vulnerability only if they have platform update 2670838 installed.
    From: http://technet.microsoft.com/en-us/s...letin/ms14-007.

    KB2670838 has some history with Mozilla (and a lot more ... ):
    http://answers.microsoft.com/en-us/w...2-16896a25dc3d
    https://bugzilla.mozilla.org/show_bug.cgi?id=812695
    http://www.askwoody.com/2013/kb-2670...shing-systems/
    http://answers.microsoft.com/en-us/w...2-16896a25dc3d

    You will need the following to block KB2670838 from being offered/reinstalling, after you've uninstalled and then hidden KB2670838 from being offered via Windows Update:
    http://www.microsoft.com/en-us/downl....aspx?id=36512
    http://www.microsoft.com/en-us/downl....aspx?id=40722

    <I'll add a link here from the other topic>

  4. The Following User Says Thank You to satrow For This Useful Post:

    Classicrockfan (2014-02-12)

  5. #3
    New Lounger
    Join Date
    Jul 2013
    Posts
    21
    Thanks
    2
    Thanked 3 Times in 2 Posts
    Sorry about posting in two different forums. Which forum is more correct for this the Windows 7 forum or the 3rd party browser forum or another forum?

  6. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    It would be fine in either

    You need to check whether all the 'updates' are actually applicable to your computer and installed software. Install any that are Critical and applicable and wait on any others, is my preference.

    Example: I had KB2909921 listed as 'Important', it's a cumulative update, consisting of ~25 updates for IE, after checking, only 1 is applicable to my installation (IE 9 on W7x64). No way am I going to install ~24 patches that will fail or potentially cause other issues ... and MS, in their infinite wisdom, don't offer the patch(es) individually for this

  7. #5
    New Lounger
    Join Date
    Jul 2013
    Posts
    21
    Thanks
    2
    Thanked 3 Times in 2 Posts
    Problem is resolved. Have uninstalled KB 2670838 and hidden the update. (IE 10 caused problems on my machine. Since KB 2912390 updates KB 2670838 have no problems. I believe the only reason I keep IE around is for the help files with various programs. Thanks again.

  8. #6
    Silver Lounger
    Join Date
    Aug 2012
    Posts
    1,613
    Thanks
    24
    Thanked 230 Times in 225 Posts
    Quote Originally Posted by satrow View Post
    It would be fine in either

    You need to check whether all the 'updates' are actually applicable to your computer and installed software. Install any that are Critical and applicable and wait on any others, is my preference.

    Example: I had KB2909921 listed as 'Important', it's a cumulative update, consisting of ~25 updates for IE, after checking, only 1 is applicable to my installation (IE 9 on W7x64). No way am I going to install ~24 patches that will fail or potentially cause other issues ... and MS, in their infinite wisdom, don't offer the patch(es) individually for this
    I'm just wondering if that type of excess from that is included when running Disk Cleanup as an admin, as I run that after each month's updates and it found 275MB of them to clean out this month.

  9. #7
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    @Classicrockfan, I'll mark the topic as Solved. Glad to have been of some help

    Quote Originally Posted by Sudo15 View Post
    I'm just wondering if that type of excess from that is included when running Disk Cleanup as an admin, as I run that after each month's updates and it found 275MB of them to clean out this month.
    Unlikely, since the remaining ~24 patches were not applicable to my machine (it's W7x64 with IE9, not IE10/11 or W8/8.1) anyway and I do check what gets installed here.

  10. #8
    Silver Lounger
    Join Date
    Aug 2012
    Posts
    1,613
    Thanks
    24
    Thanked 230 Times in 225 Posts
    Hmm.. on reflection, updates that aren't applicable don't normally get installed and is probably MS's equivalent of pebble dashing a wall.

  11. #9
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Montana,USA
    Posts
    112
    Thanks
    17
    Thanked 0 Times in 0 Posts
    @satrow, so you're saying that you didn't install KB2909921? I also have w7x64 with IE9. I haven't done any of the Feb. updates, usually wait about a week to see if others have had any problems.

  12. #10
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 207 Times in 181 Posts
    Quote Originally Posted by grits View Post
    @satrow, so you're saying that you didn't install KB2909921?
    That's correct, I could only find 1 (the GDI one) of the 24-25 updates included in that KB that was actually applicable to my computer, you may have more. If you dig deep enough, there are usually workarounds you can put in place instead of risking potential problems by trying to install updates that are doomed to fail.

    If the odds were 1:6 instead of 1:24, I would probably have installed the rollup, it's a pity that the update I need isn't available as a standalone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •