0.16%
703,203 

2.81%

0.09%
288,455 

1.15%

0.003%
692,086 

0.28%

I was poking around memory corruption bug reports, mainly core, and rediscovered a useful crash query in Bug 1404860 - [meta] At least ~33000 crashes/week due to use-after-free <https://bugzilla.mozilla.org/show_bug.cgi?id=1404860> I was most interested in comparing Firefox UAF (use-after-free) crash rates to Thunderbird, but then extended this investigation to compare overall crash numbers, and Thunderbird v60 to v68 (hence the line item for Nov 2019).  Note, the baseline to compare against other lines is "Thunderbird April 2020 [2][3]" in bold. The "current version" columns attempt to show to what extent users are running the most current version(s) available for that time period. One week time period [1] current version % current version only [4] UAF crashes, all versions % UAF against ADI all crashes, all versions % all crashes against ADI Thunderbird Nov 2019 60.0 - 60.9.1 74% 40,304 <https://crash-stats.mozilla.com/search/?address=~e5e5&product=Thunderbird&date=%3E%3D2019-10-05T07%3A37%3A00.000Z&date=%3C2019-11-05T07%3A37%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature> 0.16% 703,203 <https://crash-stats.mozilla.com/search/?product=Thunderbird&date=%3E%3D2019-10-05T07%3A37%3A00.000Z&date=%3C2019-11-05T07%3A37%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-version> 2.81% Thunderbird April 2020 [2] 68.0+ 94% 22,067 <https://crash-stats.mozilla.com/search/?address=~e5e5&product=Thunderbird&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports> 0.09% 288,455 <https://crash-stats.mozilla.com/search/?product=Thunderbird&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature> 1.15% *Thunderbird April 2020 [2][3]** * *68.0+* *84%* *8,911 <https://crash-stats.mozilla.com/search/?address=~e5e5&signature=%21md_UnlockAndPostNotifies&product=Thunderbird&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports>**** * *0.04%** * *273,715 <https://crash-stats.mozilla.com/search/?signature=%21md_UnlockAndPostNotifies&product=Thunderbird&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature> * *1.09%** * Firefox April 2020 68.0+ 43% 7,468 <https://crash-stats.mozilla.com/search/?address=~e5e5&product=Firefox&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports> 0.003% 692,086 <https://crash-stats.mozilla.com/search/?product=Firefox&date=%3E%3D2020-03-29T07%3A05%3A00.000Z&date=%3C2020-04-05T07%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports> 0.28% *These numbers suggest:** * * *Thunderbird's UAF crash rate is over ten times that of Firefox.  ref: Thunderbird UAF bug reports <https://mzl.la/2Rd4vJc>, Thunderbird UAF crash reports <https://crash-stats.mozilla.com/search/?address=~e5e5&signature=%21md_UnlockAndPostNotifies&product=Thunderbird&version=68.6.0&version=68.5.0&date=%3E%3D2020-03-05T14%3A05%3A00.000Z&date=%3C2020-04-05T14%3A05%3A00.000Z&_facets=signature&_facets=address&_facets=reason&_facets=platform&_facets=version&_facets=platform_version&_facets=cpu_arch&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-signature> * * *Thunderbird's overall crash rate is approximately four times that of Firefox* * *Version 60 UAF crash rate is 4x that of version 68 (excluding **Bug 1625677 <https://bugzilla.mozilla.org/show_bug.cgi?id=1625677>) which I cannot explain from a quick attempt of identifying only Thuderbird-specific fixed UAF crashes <https://mzl.la/2V1FbqChttps://mzl.la/2V1FbqC> * [1] This isn't a proper statistical study.  Some numbers used are not appropriate to the task, so there are biases and inaccuracies, but it's what I've got and am able to give for now.  For example "% current version only" is based on _number of crashes_, not _number of user__s_, and the % columns citing ADI against _number of crashes_, not _number of users crashing_. Also, I doubt the % of Thunderbird users reporting crashes is the same as Firefox, but this analysis assumes they are the same.  For ADI I used 250 million for Firefox, and 25 million for Thunderbird, but the 250 million for Firefox might include mobile, and the crash counts don't include mobile. [2] Two top crash signatures are included in these numbers, but will be fixed in the not yet released 68.7.0 Bug 1543183 - Startup crash in [@ nsMsgDBFolder::AddSubfolder]. infinite loop in nsMsgDBFolder::GetChildWithURI ? <https://bugzilla.mozilla.org/show_bug.cgi?id=1543183> and Bug 1063723 - crash in nsDocumentViewer::OnDonePrinting @ address 0x5a5a5a5a/e5e5e5e9 <https://bugzilla.mozilla.org/show_bug.cgi?id=1063723> [3] The crash count cited here excludes the recently filed topcrash Bug 1625677 - Crash in [@ md_UnlockAndPostNotifies] (nss) via ldap_msgdelete (ldap60.dll) <https://bugzilla.mozilla.org/show_bug.cgi?id=1625677>, which hopefully will be fixed soon(?) [4]**In this analysis, Thunderbird users would appear to be using a current version at a far greater rate than Firefox. But these numbers are based on numbers of _crash__es_, not number of _users_, plus we know Thunderbird is crashier than Firefox. So we should check these against better data sources https://stats.thunderbird.net/#version and Firefox https://xxx

On 4/5/2020 7:33 AM, Wayne Mery wrote: > > [4]**In this analysis, Thunderbird users would appear to be using a > current version at a far greater rate than Firefox. But these numbers > are based on numbers of _crash__es_, not number of _users_, plus we > know Thunderbird is crashier than Firefox. So we should check these > against better data sources https://stats.thunderbird.net/#version and > Firefox https://xxx > Well I haven't looked at the crash stats myself, but based on the graph at the bottom of https://data.firefox.com/dashboard/user-activity Firefox reaches ~75% of users on a current version within 4 weeks of that version being available. So any stat that shows they have fewer people on 68+ than us must be wrong. If it's based on number of crashes though, all that probably means is that older versions of Firefox are more likely to crash than versions after 68, which seems reasonable.