Slow startup and high CPU usage using EMET 5.0 with EAF mitigation enabled on Widows 7 x64
Platform: Windows 7 x64 Application: Firefox 31.2, 24.8 with EMET 5.0 Addons: Adblock Edge, flashblock, BetterPrivacy
Issue: Using the latest Windows ESR builds (31.2 and 24.8), the cpu usage on application startup spikes to 100% and Firefox takes approximately 10 seconds to start. During normal browsing, the Firefox process also frequently spikes to 100%. This is with EMET 5.0 installed and the Firefox mitigations configured via Import-->Popular Software.
By process of elimination, the EAF (not EAF+) mitigation is the culprit. Disabling this mitigation, while leaving the other mitigations set to their default, results in a return to "normal" processor usage (nearly instant startup, no long CPU spikes during browsing).
On Windows, EMET is becoming quite important in stopping 0-day exploits. I would ask the Mozilla team to investigate this issue further. I have been able to replicate this issue on several systems by installing EMET 5.0, configuring it with the pre-configured "Popular Software" list included with EMET 5 and doing afresh install of Firefox with no add-ons or plugins.
Todas las respuestas (5)
2 additional bits of information
1. The mitigation configured for Firefox under EMET 5.0 by default are: - DEP - SEHOP - NullPage - HeapSpray - EAF - EAF+ - MandatoryASLR - BottomUpASLR - LoadLib - MemProt - Caller - SimExecFlow - StackPivot
2. The Pale Moon browser does not show similar symptoms using either 32bit or 64bit builds as of v24.7.2. (Pale Moon is a FF compatible browser built from the FF 24 ESR code base with significant build and UI optimizations).
My guess is that Microsoft increased the aggressiveness of the EAF hardware break points and Firefox is spamming a lot of shellcode operations.
More information on EAF: https://docs.google.com/document/d/1gtCF_yonGl85T9xwEFY8RlsLkvY8sBplicysZn5tDhg/edit?pli=1
Hello,
Firefox needs a refresh. Here are tips to make Firefox load faster.
Report us back if this work
I just want to confirm what Jack (above) has discovered.
I have EMET 5.0 (with "popular software.xml" imported) installed across roughly 100 desktops and laptops across my organization. And all 100 of those users have complained about the launch times of Firefox. As a matter of fact, on slower hardware, it's a LOT longer 10 seconds.
Doing a Firefox "refresh" is *not* a fix. In troubleshooting (before discovering for myself what Jack has already outlined above), I even tried launching freshly re-imaged machines, and different profiles.
The (temporary) fix is to turn off EAF (and EAF+). The long term fix would be for the Firefox developers to see why Firefox doesn't like EAF and to fix the issue. :-)
So EMET 5.1 is out. I just updated and the slower start-up still seems to be an issue. Again, it is an issue with EAF and not EAF+. This is easily replicable by enabling and disabling EAF mitigating in EMET.
The EMET 5.1 blog post indicates several Firefox issues have been solved with EAF+ so maybe this issue is not addressed? I am happy to see that Adobe Reader Enhanced Security no longer crashes so woohoo on that.
As of Firefox 31.3, the issue appears resolved. I did not see anything in the release notes but happy to have it fixed.