{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,26]],"date-time":"2025-04-26T05:45:53Z","timestamp":1745646353769,"version":"3.37.3"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2019,1,3]],"date-time":"2019-01-03T00:00:00Z","timestamp":1546473600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["CGSD2-488809-2016"],"award-info":[{"award-number":["CGSD2-488809-2016"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2019,8]]},"DOI":"10.1007\/s10664-018-9677-7","type":"journal-article","created":{"date-parts":[[2019,1,2]],"date-time":"2019-01-02T22:55:22Z","timestamp":1546469722000},"page":"1799-1822","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["An empirical study of DLL injection bugs in the Firefox ecosystem"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1246-864X","authenticated-orcid":false,"given":"Le","family":"An","sequence":"first","affiliation":[]},{"given":"Marco","family":"Castelluccio","sequence":"additional","affiliation":[]},{"given":"Foutse","family":"Khomh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,1,3]]},"reference":[{"key":"9677_CR1","unstructured":"Andersson S, Clark A, Mohay G, Schatz B, Zimmermann J (2005) A framework for detecting network-based code injection attacks targeting windows and unix. In: Computer security applications conference, 21st Annual, IEEE, pp 10\u2013pp"},{"key":"9677_CR2","unstructured":"AppInitDLLs (2018) AppInit_DLLs in Windows 7 and Windows Server 2008 R2. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/dd744762(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"},{"issue":"7","key":"9677_CR3","first-page":"567","volume":"40","author":"J Berdajs","year":"2010","unstructured":"Berdajs J, Bosnic Z (2010) Extending applications using an advanced approach to DLL injection and API hooking. Software: Practice and Experience 40(7):567\u2013584","journal-title":"Software: Practice and Experience"},{"key":"9677_CR4","unstructured":"Bosch J (2009) From software product lines to software ecosystems. In: Proceedings of the 13th international software product line conference, Carnegie Mellon University, pp 111\u2013119"},{"key":"9677_CR5","doi-asserted-by":"crossref","unstructured":"Businge J, van den Brand M (2010) An empirical study of the evolution of eclipse third-party plug-ins. In: Proceedings of the Joint ERCIM Workshop on Software Evolution (EVOL) and International Workshop on Principles of Software Evolution (IWPSE), ACM, pp 63-72","DOI":"10.1145\/1862372.1862389"},{"key":"9677_CR6","unstructured":"Castelluccio M, An L, Khomh F (2018) An empirical study of patch uplift in rapid release development pipelines. Springer, pp 1\u201337"},{"key":"9677_CR7","unstructured":"Chromium Blog (2017) Reducing Chrome crashes caused by third-party software. \n https:\/\/web.archive.org\/web\/20180728201546\/https:\/\/blog.chromium.org\/2017\/11\/reducing-chrome-crashes-caused-by-third.html\n \n , online; Accessed August 1st, 2018"},{"key":"9677_CR8","unstructured":"CreateRemoteThread (2018) CreateRemoteThread function. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms682437(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR9","unstructured":"Fewer S (2008) Reflective dll injection. Harmony Security, Version 1"},{"key":"9677_CR10","doi-asserted-by":"crossref","unstructured":"German DM, Gonzalez-Barahona JM, Robles G (2007) A model to understand the building and running inter-dependencies of software. In: 14th working conference on reverse engineering, 2007. WCRE 2007. IEEE, pp 140\u2013149","DOI":"10.1109\/WCRE.2007.5"},{"key":"9677_CR11","doi-asserted-by":"crossref","unstructured":"German DM, Adams B, Hassan AE (2013) The evolution of the r software ecosystem. In: 2013 17th European conference on software maintenance and reengineering (CSMR). IEEE, pp 243\u2013252","DOI":"10.1109\/CSMR.2013.33"},{"issue":"3","key":"9677_CR12","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/s10664-008-9100-x","volume":"14","author":"JM Gonzalez-Barahona","year":"2009","unstructured":"Gonzalez-Barahona JM, Robles G, Michlmayr M, Amor JJ, German DM (2009) Macro-level software evolution: a case study of a large software compilation. Empir Softw Eng 14(3):262\u2013285","journal-title":"Empir Softw Eng"},{"issue":"7","key":"9677_CR13","doi-asserted-by":"publisher","first-page":"1455","DOI":"10.1016\/j.jss.2011.04.020","volume":"85","author":"GK Hanssen","year":"2012","unstructured":"Hanssen G K (2012) A longitudinal case study of an emerging software ecosystem: implications for practice and theory. J Syst Softw 85(7):1455\u20131466","journal-title":"J Syst Softw"},{"key":"9677_CR14","unstructured":"Hollander M, Wolfe DA, Chicken E (2013) Nonparametric statistical methods, 3rd edn. Wiley"},{"key":"9677_CR15","unstructured":"InfoSec Institute (2014) API hooking. \n http:\/\/resources.infosecinstitute.com\/api-hooking\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR16","doi-asserted-by":"crossref","unstructured":"Jang M, Kim H, Yun Y (2007) Detection of dll inserted by windows malicious code. In: International conference on convergence information technology, 2007. IEEE, pp 1059-1064","DOI":"10.1109\/ICCIT.2007.320"},{"key":"9677_CR17","doi-asserted-by":"crossref","unstructured":"Jansen S, Finkelstein A, Brinkkemper S (2009) A sense of community: a research agenda for software ecosystems. In: 31st international conference on software engineering-companion, vol 2009. ICSE-Companion 2009. IEEE, pp 187\u2013190","DOI":"10.1109\/ICSE-COMPANION.2009.5070978"},{"key":"9677_CR18","doi-asserted-by":"crossref","unstructured":"Karim R, Dhawan M, Ganapathy V, Shan CC (2012) An analysis of the mozilla jetpack extension framework. In: European conference on object-oriented programming, Springer, pp 333\u2013355","DOI":"10.1007\/978-3-642-31057-7_16"},{"key":"9677_CR19","unstructured":"Lam LC, Yu Y, Chiueh TC (2006) Secure mobile code execution service. In: LISA, pp 53\u201362"},{"key":"9677_CR20","unstructured":"Liu L, Zhang X, Yan G, Chen S, et al. (2012) Chrome extensions: threat analysis and countermeasures. In: NDSS"},{"key":"9677_CR21","unstructured":"LoadLibrary (2018) LoadLibrary function. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms684175(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR22","unstructured":"Mozilla Add-ons Blog (2018a) Advantages of WebExtensions for Developers. \n https:\/\/blog.mozilla.org\/addons\/2016\/03\/14\/webextensons-whats-in-it-for-developers\/\n \n , online; Accessed April 16th, 2018"},{"key":"9677_CR23","unstructured":"Mozilla Add-ons Blog (2018b) Preventing add-ons and third-party software from loading DLLs into Firefox. \n https:\/\/blog.mozilla.org\/addons\/2017\/01\/24\/preventing-add-ons-third-party-software-from-loading-dlls-into-firefox\/\n \n , online; Accessed November 11th, 2018"},{"key":"9677_CR24","unstructured":"Mozilla Add-ons Blog (2018c) The future of developing Firefox add-ons. \n https:\/\/blog.mozilla.org\/addons\/2015\/08\/21\/the-future-of-developing-firefox-add-ons\/\n \n , online; Accessed April 16th, 2018"},{"key":"9677_CR25","unstructured":"Mozilla Wiki (2017) WebExtensions API. \n https:\/\/wiki.mozilla.org\/WebExtensions\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR26","unstructured":"Mozilla Wiki (2018a) Mozilla release management tracking rules. \n https:\/\/wiki.mozilla.org\/Release_Management\/Release_Process\n \n , online; Accessed March 28th, 2018"},{"key":"9677_CR27","unstructured":"Mozilla Wiki (2018b) Mozilla\u2019s blocklisting policy. \n https:\/\/wiki.mozilla.org\/Blocklisting\n \n , online; Accessed April 16th, 2018"},{"key":"9677_CR28","unstructured":"SetWindowsHookEx (2018) SetWindowsHookEx function. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms644990(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR29","unstructured":"SetWinEventHook (2018) SetWinEventHook function. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/dd373640(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR30","doi-asserted-by":"crossref","unstructured":"Singer J, Sim SE, Lethbridge TC (2008) Software engineering data collection for field studies. In: Guide to advanced empirical software engineering, Springer, pp 9\u201334","DOI":"10.1007\/978-1-84800-044-5_1"},{"key":"9677_CR31","unstructured":"Tu Q et al (2000) Evolution in open source software: a case study. In: 2000 Proceedings of the international conference on software maintenance, IEEE, pp 131-142"},{"key":"9677_CR32","doi-asserted-by":"crossref","unstructured":"Van Den Berk I, Jansen S, Luinenburg L (2010) Software ecosystems: a software ecosystem strategy assessment model. In: Proceedings of the fourth european conference on software architecture: companion volume, ACM, pp 127-134","DOI":"10.1145\/1842752.1842781"},{"key":"9677_CR33","unstructured":"WebExtensions (2017) Bugzilla@Mozilla. \n https:\/\/bugzilla.mozilla.org\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR34","doi-asserted-by":"crossref","unstructured":"Wermelinger M, Yu Y (2008) Analyzing the evolution of eclipse plugins. In: Proceedings of the 2008 international working conference on Mining software repositories, ACM, pp 133\u2013136","DOI":"10.1145\/1370750.1370783"},{"key":"9677_CR35","unstructured":"Wikipedia (2018a) Code injection. \n https:\/\/en.wikipedia.org\/wiki\/Code_injection\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR36","unstructured":"Wikipedia (2018b) DLL injection. \n https:\/\/en.wikipedia.org\/wiki\/DLL_injection\n \n , online; Accessed April 12th, 2018"},{"key":"9677_CR37","unstructured":"WindowsDataTypes (2018) Windows Data Types. \n https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/aa383751(v=vs.85).aspx\n \n , online; Accessed April 12th, 2018"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-018-9677-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10664-018-9677-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-018-9677-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,2]],"date-time":"2020-01-02T19:17:33Z","timestamp":1577992653000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10664-018-9677-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,3]]},"references-count":37,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,8]]}},"alternative-id":["9677"],"URL":"https:\/\/doi.org\/10.1007\/s10664-018-9677-7","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"type":"print","value":"1382-3256"},{"type":"electronic","value":"1573-7616"}],"subject":[],"published":{"date-parts":[[2019,1,3]]},"assertion":[{"value":"3 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}