You are not logged in.

#1 2019-08-02 15:20:29

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

[SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

After an add with a warror was played on youtube(in regards to Games of Thrones v3m.uuzu.com), it fired a pid called RDD  Process which was taking up 50% of the processeor speed. I've killed it immediately.


Process Name RDD Process
User - 

Status Zombie
CPU 67%
Started today 13:03
CPU Time 7:38.74

Command Line /usr/lib/firefox -contentproc -parentBuildID 20190720144906 -prefsLen7503 -prefMapSize 181422 -greomni /usr/lib/firefox/omnji.ja --appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 12579 true rdd

To my understanding is a cookie which mines crypto.

I've discovered it after 7 hours

How to stop it?

Last edited by homepod (2019-08-02 16:55:41)


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

#2 2019-08-02 18:23:34

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 18,634

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

If you exit firefox, does the zombie process go away?
When you restart firefox, does the process start again?

If the answers are yes, no I would say you are okay.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2019-08-02 20:37:07

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

ewaller wrote:

If you exit firefox, does the zombie process go away?
When you restart firefox, does the process start again?

If the answers are yes, no I would say you are okay.

If I exit, the PID dissapears yes. But it is fired only when that particular add appears. i was trying over and over again. Apparently some infosec experts classified it as a virus, which affects millions of machines worldwide.

Be aware of that!

I've installed an add-blocker and switched to epiphany which has less capabilities reading flash.


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

#4 2019-08-02 22:21:31

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 27,053
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

homepod wrote:

... which has less capabilities reading flash.

Flash?  Really?  Do you need flash for anything?

I do all sorts of things on the web, and have had no need for flashplugin/player/etc for years.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2019-08-02 23:52:00

loqs
Member
Registered: 2014-03-06
Posts: 15,092

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

https://bugzilla.mozilla.org/show_bug.cgi?id=1506291 It is sandboxing for the media decoder process.

Offline

#6 2019-08-03 08:37:43

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

Trilby wrote:
homepod wrote:

... which has less capabilities reading flash.

Flash?  Really?  Do you need flash for anything?

I do all sorts of things on the web, and have had no need for flashplugin/player/etc for years.

Sometimes I play videos from youtube or I watch TV


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

#7 2019-08-03 08:41:46

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

loqs wrote:

https://bugzilla.mozilla.org/show_bug.cgi?id=1506291 It is sandboxing for the media decoder process.

Oh well to my understanding, this sandbox bug is exploited by cryptominers at least


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

#8 2019-08-03 09:20:14

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

A quick fix to this is to go to about:config in firefox and disable media.rdd-process.enabled whoever created this sandbox didnt think through the implications thus allowing 3rd parties to exploit your CPU.


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

#9 2019-08-03 11:29:34

loqs
Member
Registered: 2014-03-06
Posts: 15,092

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

Could the process not just be stuck in a loop wasting CPU due to a bug rather than being hijacked?

Offline

#10 2019-08-03 12:43:09

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 27,053
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

Youtube does not use/require flash.  Nor does hulu, amazon prime video, netflix, nor any other commonly used service that I'm aware of.  There are some old browser games that still use flash, but I'd be hard pressed to even find other websites that do.  Flash is dead: major browsers will not even have options to enable flash within the next year.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#11 2019-08-03 12:59:27

homepod
Member
From: Iasi
Registered: 2019-07-17
Posts: 16
Website

Re: [SECURITY] RDD Process (firefox Cookie) taking up 50% of processor

loqs wrote:

Could the process not just be stuck in a loop wasting CPU due to a bug rather than being hijacked?

First, I take it as a security break. Why would someone add somethign which does nothing but highjacks CPU?

Of course this could be a bug but at the same time someone might try to open a door to your computer.


I've installed my first linux(redhat) in 1999 and configured as a dhcp server.
Since i am an avid user and graphic artist at heart.
Please consider the environment and reduce carbon.
https://homepod.eu

Offline

Board footer

Powered by FluxBB