dejsonlz4.exe issue on LibreWolf

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by Mr.X, May 24, 2023.

  1. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    When I run portable LibreWolf 113.0.1-1 x64 in a red box, I get the following errors:
    Code:
    dejsonlz4.exe (944): SBIE1231 Initialization failed for process  [C0000001 / A4]
    PID 2832: SBIE2314 Cancelling process dejsonlz4.exe
    
    Code:
    NormalFilePath=E:\LibreWolf\*
    If I add one line, it works:
    Code:
    NormalFilePath=E:\LibreWolf\*
    NormalFilePath=R:\Container\LibreWolf\*
    
    Although I want to know whether there is another more appropriate solution.

    TIA
     
  2. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    413
    There is no such program in the official portable version of LibreWolf. Either remove that program or define a rule according to where it is running.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    There is, when you launch LibreWolf-Portable.exe its mechanism creates a temporary exe called dejsonlz4.exe at
    Code:
    R:\Container\LibreWolf\user\current\AppData\Local\Temp\
    
    It is, so it seems, a temporary executable to assist in the main program launch.

    Thanks for taking the time to assist me on this.
     
  4. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    413
    Try this:
    Code:
    OpenFilePath=%TEMP%\dejsonlz4.exe
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    It works too.
    Is it better than my above line or any reason why it is more appropriate?
     
  6. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    413
    with this
    Code:
    NormalFilePath=R:\Container\LibreWolf\*
    
    If you set start restriction, the EXE extracted into the sandbox will not start. Also, creating rules with sandboxed paths doesn't seem like the correct usage to me.
     
    Last edited: May 24, 2023
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    dejsonlz4 is part of the portableapps crap of any firefox derivate, librewolf is fake and unsecure.
    from my knowledge its a console command file, forget the bits. at least its not needed to run any firefox as portable.

    dejsonlz4 is used to decompress LZ4 files from firefox, in special "addonStartup.json.lz4" without needs. there was time when firefox had issues but now nowerdays, a never ending issue from portableapps without needs.

    i consider this as a sequel to your other question about the portable starter where i answered you. its starter is very questionable, very bloated and non-functional in lot of parts. a matter of the used scripting engine, look source folder. i gave you the mission to obtain a better starter. i only can tell you that the starters (all starters) from PA have unresolved issues.

    if you want to know about the used switches in librecrap that are usable in firefox (user.js) you just have to ask. from my view librewolf is a very stupid build, only gathering its sheep with marketing gags.

    PS my latest working with dejsonlz4, month ago, discovered it as non-functional, because mozilla changed LZ4 compression. LZ4 is 7-zip based. 7-zip is also used on other files from firefox, the usage is very special to get max performance for firefox. external change may end in less performance.
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    :argh: @ mission
    Did two quick searches, one "starter for portable firefox" and "launcher for portable firefox" and mr.google didn't throw anything useful only references to portableapps.com, "crap" according to you. So why don't you share a link or two at better launcher/starter alternatives?
    Which portable FF derivative you consider secure?
     
    Last edited: May 24, 2023
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
    The following line works too plus it allows dejsonlz4.exe to stay in the Temp folder.
    Code:
    NormalFilePath=%TEMP%\dejsonlz4.exe
    
    Do you think is appropriate or not @busy ?
     
  10. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    413
    @Mr.X Normally, such a rule should not be needed, but if it works for you, you can use it. It may be an error due to RamDisk (ImDisk) usage.

    Code:
    NormalFilePath=\Device\ImDisk*\Sandbox\%USER%\%SANDBOX%\*
    or

    Code:
    NormalFilePath=\Device\ImDisk*
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    none. precisely enough?
    the overall problem to any portable program is that its usage is outside windows security. its a general misunderstanding to portables, so its not only you.

    for the "dejsonlz4.exe" - delete it from folder, it has no impact when not present (i wrote above).

    the problem about the starter and/or portablesapps is the purpose of that page, to offer portable versions of programs, you use installed on your home computer. as this example point out there is more behind that the starter will show you, and thus you experience issues. i have worked a lot on portable programs and its starters, its much more complicated and you cant write a code base for all, not possible.

    for the starter, i dont offer a ready binary, only a script. i dont use NSIS in common, more AUTOIT.
    the simplest way to get firefox portable is
    Code:
    Firefox\firefox.exe" -no-remote -profile profilefolder'
    where
    - starter.exe (or bat)
    |- \Firefox\
    |- \profilefolder\

    see
    https://wiki.mozilla.org/Firefox/CommandLineOptions

    you can compile any BAT to an EXE file for free.

    the sophisticated script looks like this (reduced code)
    Code:
    ;#include <WinAPIEx.au3>
    ;#include <array.au3>
    
    Global Const $firefox_exe    = "Firefox.exe"
    Global Const $profilfolder   = "profilefolder"
    
    Dim $COMMANDLINE, $profilfolderfull, $firefoxfull, $wow64, $mode
    
    ;read command line
    If $CMDLINE[0] Then $COMMANDLINE = $CMDLINE[1]
    
    $profilfolderfull = @ScriptDir & "\" & $profilfolder
    $firefoxfull = @ScriptDir & "\Firefox\" & $firefox_exe
    $mode = "-no-remote"
    
    ;set working dir / Arbeitsverzeichnis
    FileChangeDir (@ScriptDir)
    
    ;start firefox
    Select
        Case $mode = "-new-tab "
            ;run same portable with url
            Run($firefoxfull & " " & $mode & $COMMANDLINE)
        Case $mode = "-no-remote "
            ;another portable to run
            Run($firefoxfull & " " & $mode & "-profile " & $profilfolder & " " & $COMMANDLINE)
        Case $mode = ""
            ;regular first start
            Run($firefoxfull & " " & $mode & "-profile " & $profilfolder & " " & $COMMANDLINE)
    EndSelect
    
    Exit(0)
    
    
    ;find associated firefox with portable starter
    Func findprocess()
      ;some special code
    EndFunc
    
    ;end
    and this is not ready.

    and LibreWolf - really - is only using existing firefox switches.

    the facts:
    https://librewolf.net/
    - telemetry, ofc possible but do not bother if your wishes dont come true
    telemetrie is NO spying, its just watching about the general behavior about used functions, maybe extensions to develop firefox "for the users".
    the most complaning users have disabled "telemetry", so they are not part of the croud to point in some direction what they want.

    - private search, firefox already has that, just chose the search engine to want to.

    - ublock - users are forced to use ublock, or they disable it and use another which makes LW futile.

    - "fast" updates - librewolf cannot deliver what mozilla has not developped, shame on LW
    further - LW has no updater, it needs another tool to update, Firefox dont need the maintencance service, but it has the possibility to update with ease. librewolf has NOTHING.

    - OpenSource - Firefox IS OpenSource. hosting on github or similar opensource is mandatory, no **** please.

    - enhanced privacy is only using switches, you can compare easyliy a standard firefox profile (prefs.js) with a profile from librewolf, this will show you the difference.

    ofc that differences are based on the code, you can set it with ease from true to false or anything you like to.

    there is no magic, i tell you, just ask.

    to notice:
    https://gitlab.com/librewolf-community/browser/bsys6/-/releases

    current state is 113.0.1, where firefox is on 113.0.2.
    current Librewolf has unresolved issues:
    https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/

    3 days is not much, but if some user experience such issues, 3 days is too much.

    about "user.js", changes in librewolf, no magic

    Code:
    user_pref("browser.contentblocking.category", "strict");
    user_pref("browser.dom.window.dump.enabled", false);
    
    user_pref("browser.policies.runOncePerModification.extensionsInstall", "[\"https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi\"]");
    user_pref("browser.policies.runOncePerModification.extensionsUninstall", "[\"google@search.mozilla.org\",\"bing@search.mozilla.org\",\"amazondotcom@search.mozilla.org\",\"ebay@search.mozilla.org\",\"twitter@search.mozilla.org\"]");
    user_pref("browser.policies.runOncePerModification.removeSearchEngines", "[\"Google\",\"Bing\",\"Amazon.com\",\"eBay\",\"Twitter\"]");
    user_pref("browser.policies.runOncePerModification.setDefaultSearchEngine", "DuckDuckGo");
    
    user_pref("browser.region.update.enabled", false);
    user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
    user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
    user_pref("browser.safebrowsing.downloads.remote.enabled", false);
    user_pref("browser.safebrowsing.downloads.remote.url", "");
    user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
    
    user_pref("captivedetect.canonicalURL", "");
    
    user_pref("devtools.debugger.remote-enabled", false);
    
    user_pref("dom.security.https_only_mode_ever_enabled", true);
    
    user_pref("network.captive-portal-service.enabled", false);
    user_pref("network.connectivity-service.enabled", false);
    user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true);
    user_pref("network.http.speculative-parallel-limit", 0);
    user_pref("network.predictor.enabled", false);
    user_pref("network.prefetch-next", false);
    
    user_pref("permissions.delegation.enabled", false);
    user_pref("permissions.manager.defaultsUrl", "");
    user_pref("privacy.annotate_channels.strict_list.enabled", true);
    user_pref("privacy.history.custom", true);
    user_pref("privacy.partition.network_state.ocsp_cache", true);
    user_pref("privacy.query_stripping.enabled", true);
    user_pref("privacy.query_stripping.enabled.pbmode", true);
    
    user_pref("privacy.trackingprotection.emailtracking.enabled", true);
    user_pref("privacy.trackingprotection.enabled", true);
    user_pref("privacy.trackingprotection.socialtracking.enabled", true);
    
    user_pref("toolkit.winRegisterApplicationRestart", false);
    
    user_pref("webchannel.allowObject.urlWhitelist", "");
    
    
    you can research that entries yourself, not my job. but i can tell you now, that some of these settings are really nonsnse, and none of those have impact to performance. but some of them are lowering the security of browser, which is NOT handleable from any kind of other software.

    i forgot, policies.json which causes those entries:
    again, nothing has impact on performance
     
    Last edited: May 25, 2023
  12. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,796
    Location:
    .
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    you are welcome. we came together at this place to learn together.
     
  14. simbun

    simbun Registered Member

    Joined:
    Jan 29, 2022
    Posts:
    63
    Location:
    United Kingdom
    Rather than resort to portable apps is this not something that Sandboxie can/should be able to do?
    I have a load of sandboxes with software installed into them and they work fine. Once installed I take a snapshot (make it default) and then enable Auto delete. If there's an update I'll disable Auto delete, install the update, make another snapshot and then enable Auto delete again. I appreciate there's another level of complexity with browsers as you may want to retain bookmarks, history, the updated phishing database e.t.c. but is this not something that's worth looking into, or do the portable installations offer other benefits too?
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,871
    only for the record, just some deeper informations

    NSIS it its basics is only able to work on strings max 1024 token, the official "bigger" one is able to process strings with 8192 token.

    while working on other projects here there exist two conclusions:
    1. portableapps uses its own compiled header with ability for very very large strings
    2. further tools like dejonslz4 or jsonlz4 are useless because the ability for text processing is max 1k or 8k long.

    my addonStartup.json.lz unpacked contains 50k token in a line. so any text or word processing must fail under normal conditions.

    nevertheless dejsonlz4 is able to run inside sandboxie, maybe to sharp settings on your box.

    about the portable, the "original" from poprtable apps. dejsonlz4 and other files are executed, windows told me so, but it changed nothing in addonStartup.json.lz where it should happen. and in fact that portable firefox do not show me any button due this.

    to explain: i copy my regular full featured profile into the default folder (\App\DefaultData\profile), and the starter copy all files from there to the working folder. firefox itself is changing a path inside LZ4 but thats all, the code between unpacking and packing do not affect anything.
    to be expected: adjusted the path to extensions when profile is moved, and thus visible buttons.

    the earlier conclusion was to delete addonStartup.json.lz from profile and let firefox start twice, this recover missing buttons.

    what else? the starter need a json formatter like "tidyjson" to format json files it wants to work on, the it can read all line by line and work on the lines which are less then 1k token. after that compressing the json to one line again and pack it.

    at least its some kind of disappointing.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.