Crash report: https://crash-stats.mozilla.org/report/index/1eecd47b-f240-472f-8438-dfa010211220

Reason: EXCEPTION_STACK_BUFFER_OVERRUN / FAST_FAIL_PAYLOAD_RESTRICTION_VIOLATION

Top 10 frames of crashing thread:

0 payloadrestrictions.dll MitLibTriggerFailFast 
1 payloadrestrictions.dll MitLibValidateAccessToProtectedPage 
2 ntdll.dll RtlpCallVectoredHandlers 
3 ntdll.dll RtlDispatchException 
4 ntdll.dll KiUserExceptionDispatch 
5 firefox.exe base::win::PEImage::VerifyMagic const security/sandbox/chromium/base/win/pe_image.cc:568
6 firefox.exe ResolveNTFunctionPtr security/sandbox/chromium/sandbox/win/src/win_utils.cc:609
7 firefox.exe sandbox::GetProcessBaseAddress security/sandbox/chromium/sandbox/win/src/win_utils.cc:524
8 firefox.exe sandbox::TargetProcess::Create security/sandbox/chromium/sandbox/win/src/target_process.cc:223
9 firefox.exe sandbox::BrokerServicesBase::SpawnTarget security/sandbox/chromium/sandbox/win/src/broker_services.cc:620

Really odd crashes, I'm not sure what's going on here. These are all caught by WER so we might have had them for a while without having been able to intercept them in the past.

This looks like a crash caused by EAF (= Export Address Filtering). Payloadrestrictions.dll is a system module and is injected when the process enables additional exploit protections.

I ran 91.4.1esr on Windows 10 with EAF+. Payloadrestrictions.dll was loaded but everything worked fine without crash. Our statement https://support.mozilla.org/en-US/kb/compatibility-exploit-protection-windows-10 is still valid. We recommend not enabling EAF for firefox.exe.

We seem to be catching a lot of volume on this crash signature in ESR. I don't know why Bugzilla only shows 115.11.0esr, but crash-stats suggests that the peak in volume actually started with 115.9.1esr:

1 	115.9.1esr 	5141 	31.39 %
2 	115.10.0esr 	4572 	27.91 %
3 	115.11.0esr 	3640 	22.22 %
4 	115.9.0esr 	655 	4.00 %

This is probably preexisting volume that we are now catching (again?) thanks to the WER patches from bug 1872920.