Sandboxie Classic says Firefox has crashed, yet FF is actually still working and sandboxed. Safe to continue? #4474
-
|
I recently (finally!) upgraded from Sandboxie 5.33 to 5.70. My issue: When I run Firefox (115.19esr) in Sandboxie, I intermittently get the error "SBIE2224 Sandboxed program has crashed: Firefox.exe." That is immediately followed by a Windows error box that says "the exception unknown software exception (0xc0000409) occurred in the application at location 0x000f20eb. Click on OK to terminate the program." When I click OK on the Windows error and the Close on the Sandboxie error, Firefox seems to keep working fine, and importantly still appears to be sandboxed. My main question is not regarding how to keep the error from occurring, as it's just a minor, usually infrequent, interruption that doesn't seem to interfere with anything I'm trying to do. Instead my question is whether continuing at that point somehow increases the risk of opportunity for some kind of malware attack and/or risk of leakage from the sandbox (again, I see no evidence of the latter). BTW, I didn't have this issue with 5.33, that I can recall. Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 8 replies
-
|
Please try with the latest release and with a clean box. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
If it only affects browsers, it could be caused by security software (e.g. banking protection). What security software and Windows OS version do you use? |
Beta Was this translation helpful? Give feedback.
-
|
Windows 7, fully patched, and Norton 360 (new version based on co-owned Avast...in fact, Sandboxie Classic won't work at all with Firefox or Chrome anymore unless I choose Avast from the program list in settings.) |
Beta Was this translation helpful? Give feedback.
-
|
I've deleted the bulk of my previous replies because -- as someone who has only used Sandboxie at a beginner level -- I was on a learning curve (and I've learned a lot in the last 24 hours)...and writing way too much. I was already using the latest release of Sandboxie Classic, 3.70.4. My results are the same whether I use the Default Box (as I usually do), or a new one. Again, my focus here is not so much on stopping the occasional (phantom?) SBIE2224 errors saying sandboxed Firefox has crashed (and the Windows error message that follows it), since it actually seems to continue working fine (ZERO data loss). My greater concern is instead whether ignoring it and continuing to work will cause me to be at increased risk for opportunistic malware or a sandbox leak. Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
The error code 1 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, good info. BTW one thing I'm trying out at the moment is running Sandboxie Classic's "Sandboxed Web Browser" as an administrator -- 40 minutes so far, and no Firefox crash messages -- and so no Windows 0xC0000409 STATUS_STACK_BUFFER_OVERRUN. But yeah, maybe it's time to shift this work over to my Win 11 pc... |
Beta Was this translation helpful? Give feedback.
-
|
Are you sure that the FF process really keeps running? I think just a FF worker process dies and FF restarts a new worker that why it looks as if its still running. |
Beta Was this translation helpful? Give feedback.
-
|
I never thought about the possibility of Firefox seamlessly restarting a crashed process, all "behind the scenes." I could check about:crashes for crash reports, but that may not help because I think it's reserved for situations where Firefox crashes completely. The next time I get the SBIE2224 "Firefox crashed" and Windows 0xc0000409 exception, I'll check for sandboxed dump files. |
Beta Was this translation helpful? Give feedback.
-
It's not that simple, unfortunately. The same error code is also used for CFG violations, which have nothing to do with stack overruns. Given that Firefox uses CFG, it might be interfering with Sandboxie's hooks, especially if it enables export suppression. |
Beta Was this translation helpful? Give feedback.
The error code
0xC0000409, also known asSTATUS_STACK_BUFFER_OVERRUN, indicates a stack buffer overrun. If this error is the result of an actual1 buffer overrun, continuing to use the program in this manner may pose security risks. Additionally, using an outdated and unsupported operating system may increase the likelihood of encountering such issues. While the immediate impact of the error might seem negligible (e.g., no data loss), ignoring it long-term could leave your system vulnerable.1
https://devblogs.microsoft.com/oldnewthing/20190108-00/?p=100655