Conflict with HIPS-like product Malwarebytes Anti-Exploit #153

Closed
pal1000 opened this issue Feb 6, 2015 · 4 comments

Comments

@pal1000

pal1000 commented Feb 6, 2015

Reported here: https://forums.malwarebytes.org/index.php?/topic/163449-solved-fire-ie-plugin-for-firefox/
Workaround: switch to OOPP.
Depends on #65.
Reproducible with both Free and Premium versions.

@patwonder
Collaborator

Thank you for the report.

After some initial testing I found that a submodule of Fire IE, named "ATL DEP hook", conflicts with MBAE.

Some ActiveX controls written with ATL version 7.1 or earlier are not compatible with DEP. Firefox enables DEP by default, thus loading these controls will crash Firefox. Supporting these ActiveX controls is important since some E-bank sites in China still use ActiveX controls written with old versions of ATL. We used a little hack in "ATL DEP hook" module to make sure they run without a problem. Perhaps MBAE misinterprets this hack as an "exploit".

The source code of the module is in AtlDepHook.h and AtlDepHook.cpp.

I'm unable to create a Malwarebytes forum account. Maybe you could forward this comment and see if the problem can be solved on MBAE side? Thanks!

By the way, Fire IE in 64-bit Firefox does not have this issue, because "ATL DEP hook" is disabled for 64-bit builds.

@pal1000
Author

pal1000 commented Feb 11, 2015

It also appears that the exploit alert is not fired if Fire IE is left in the default IE7 Standards Mode. I wonder why?
Most users, myself included, tend to raise the Compatibility View to the highest mode that works.

@patwonder
Collaborator

That's odd. ATL DEP Hook should not have anything to do with IE compatibility mode.

@patwonder
Collaborator

I'm closing this issue as "Won't Fix". Reasons:

  • Currently, there's nothing we can do on our side to address this issue. The ATL DEP Hook is essential and cannot simply be disabled.
  • As @pal1000 has pointed out, a possible workaround is to enable OOPP. Once [plugin] Support OOPP #65 gets fixed, this will no longer be an issue.

2 participants