Closed Bug 1514118 Opened 6 years ago Closed 6 years ago

make CertVerifier directly aware of 3rd party roots rather than going through NSS

Categories

(Core :: Security: PSM, defect, P1)

64 Branch
defect


RESOLVED FIXED
mozilla67
Tracking Status
firefox-esr60 --- unaffected
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- fixed

People

(Reporter: ronoc74, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Keywords: regression, Whiteboard: [psm-assigned])

Attachments

(3 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0

Steps to reproduce:

Start Firefox

Actual results:

The master password dialog appears on startup. When dismissed it returns a second time.

Expected results:

Nothing.

I am not using Sync. The problem still occurs in safe mode. Restoring my profile from a backup I made when 63.0.3 was installed fixed the issue once, but it recurred on the next startup. Based on a thread about a related problem, I tried deleting cert9.db, which also prevented the problem once only.

This issue only occurs in version 64. Downgrading to 63.0.3 fixed it.
Version: 63 Branch → 64 Branch
(In reply to ronoc74 from comment #0)
> This issue only occurs in version 64. Downgrading to 63.0.3 fixed it.

It would be useful if you could create a copy of the aforementioned profile backup, then use mozregression-gui on it to find the exact regression range.
https://mozilla.github.io/mozregression/quickstart.html
Has Regression Range: --- → no
Component: Untriaged → Password Manager
Flags: needinfo?(ronoc74)
Keywords: regression
Product: Firefox → Toolkit
Whiteboard: [passwords:master-password]
> I am not using Sync.

Did you ever have it set up? Are you using session restore? Are you restoring tabs that have password fields? What is triggering the MP dialog to appear in the first place? Is it a password form on a tab?

Attaching the debug logs could be useful: https://wiki.mozilla.org/Toolkit:Password_Manager/Debugging

I also second the idea of using mozregression as that will likely point right to the cause.

mozregression: Differential Revision: https://phabricator.services.mozilla.com/D4708

I have never used Sync. Startup is a blank tab.

Debug log has the following:

1544847220030 addons.xpi WARN Ignoring missing add-on in C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
Login storage: Opening database at C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\a41z2ple.default\logins.json
Flags: needinfo?(ronoc74)
:keeler please have a look. According to comment 3, this is a regression introduced by bug 1487258.
Blocks: 1487258
Flags: needinfo?(dkeeler)
Couple of debugging questions:

What do you mean by "dismissed"? Do you enter your password or not?
Do you use client certificates?
Do you have any PKCS#11 modules?
Do you have any add-ons?
Are the files key3.db, cert8.db, and secmod.db in your profile? If you (temporarily) remove them, does that fix it?

Thanks!
Flags: needinfo?(dkeeler) → needinfo?(ronoc74)
(In reply to Dana Keeler [:keeler] (she/her) (use needinfo) from comment #5)
> Couple of debugging questions:
>
> What do you mean by "dismissed"? Do you enter your password or not?

I click cancel.

> Do you use client certificates?
> Do you have any PKCS#11 modules?

I have one certificate, a DigiCert High Assurance EV Root CA. There is a pkcs11.txt file which seems to refer to a module, but is there a simple way to check that one is installed?

> Do you have any add-ons?

Four extensions, but the problem still occurs when these are disabled, and in Safe mode.

> Are the files key3.db, cert8.db, and secmod.db in your profile? If you
> (temporarily) remove them, does that fix it?

No key3.db, but cert8.db and secmod.db are present. Removing them had no effect.

> Thanks!

Thanks for the debugging :)
Flags: needinfo?(ronoc74)
Component: Password Manager → Security: PSM
Product: Toolkit → Core
PKCS#11 modules are configured in about:preferences -> search for "Security Devices" -> click the "Security Devices" button. Is there a chance you could attach a debugger and get a stack trace for all threads when the password dialog comes up both times?
Flags: needinfo?(ronoc74)
There is a "NSS Internal PKCS #11 Module".

The process has a large number of threads and I can't find a way to dump a stack trace of all threads from VS. Here's the list of threads followed by traces of the main thread from both times. Do you need traces of any other threads in particular?
Flags: needinfo?(ronoc74)
"Socket Thread", "LoadRoots", and any "SSL Cert #" threads would be great (you can attach a text file to this bug if pasting in a comment gets too cumbersome).
Flags: needinfo?(ronoc74)
Attached file Stack trace during first dialog box (deleted) —
Attached file Stack trace during second dialog box (deleted) —
Flags: needinfo?(ronoc74)
Oh - I thought I had already asked this (seems not), but presumably the about:config preference "security.enterprise_roots.enabled" is set to true?

What this means is that on startup, Firefox will look for and import 3rd party root certificates from the Windows trust store. To set them as trusted, Firefox needs to unlock your key database (because the trust bits are authenticated with a private key in your key db). If you cancel the dialog, Firefox can't unlock your key db. So, for each root it finds (looks like it finds two in your case), it sees that it needs to unlock the db and asks you to enter your password. It's unclear why this would have behaved differently before bug 1487258, though.

This would take a bit of work to address, but I think it might be worthwhile. In the meantime, your options are to either enter your password when Firefox asks for it (if you enter the right password it should only ask once - otherwise, that would be a bug), remove the password entirely, or disable the enterprise roots feature if you don't need it (although presumably you need it).

With regard to having a password, if you already use full disk encryption, have a password to access your user account, and encrypt any backups you make, putting a password on your Firefox profile doesn't contribute much extra to your security posture (particularly given that the crypto the current password system uses is a bit outdated). So, if you take steps to protect the rest of your data, you shouldn't need to have a password just for Firefox.
Assignee: nobody → dkeeler
Keywords: regression
Priority: -- → P1
Summary: Master password prompt appears twice on startup → make CertVerifier directly aware of 3rd party roots rather than going through NSS
Whiteboard: [passwords:master-password] → [psm-assigned]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Yes, security.enterprise_roots.enabled is true. The certificate turns out to be part of Kaspersky. I found out when I located and edited the security.enterprise_roots.enabled setting in a .cfg file in the Firefox program folder, and Kaspersky flagged an error next time I started Firefox. Disabling the security feature in Kaspersky didn't help, so I'm leaving the setting false in the .cfg file. I do have a couple of other certificates but these are not a problem. Thanks for your help. It would be nice to not have this interaction with Kaspersky's default settings, but it's not a huge issue.
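
The comment above traces the pref to a .cfg file in the Firefox program folder. The following is an added example (not part of this bug or of Firefox's code) that audits a Firefox install directory and profile for every place `security.enterprise_roots.enabled` is set. The file locations scanned are the standard pref, AutoConfig and policy locations; the sample tree and the name `vendor.cfg` are constructed, and the .cfg is assumed to be plain text.

```python
import json
import re
import tempfile
from pathlib import Path

PREF = "security.enterprise_roots.enabled"
# Matches pref("x", true); user_pref(...); lockPref(...); defaultPref(...)
PREF_CALL = re.compile(
    r'\b(user_pref|pref|lockPref|defaultPref)\s*\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)'
)


def scan_pref_text(text):
    """Return [(setter, value)] for each assignment of PREF, in file order."""
    hits = []
    for line in text.splitlines():
        if line.lstrip().startswith("//"):  # skip commented-out prefs
            continue
        for setter, name, value in PREF_CALL.findall(line):
            if name == PREF:
                hits.append((setter, value == "true"))
    return hits


def scan_policies(text):
    """Return [("policy", value)] if policies.json sets ImportEnterpriseRoots."""
    try:
        certs = json.loads(text).get("policies", {}).get("Certificates", {})
    except (ValueError, AttributeError):
        return []  # malformed policy file: nothing to report
    if isinstance(certs, dict) and "ImportEnterpriseRoots" in certs:
        return [("policy", bool(certs["ImportEnterpriseRoots"]))]
    return []


def audit(install_dir, profile_dir):
    """List every file that sets the enterprise-roots switch, and how."""
    install, profile = Path(install_dir), Path(profile_dir)
    pref_files = [profile / "prefs.js", profile / "user.js"]
    pref_files += sorted(install.glob("*.cfg"))  # AutoConfig (assumed not obscured)
    pref_files += sorted((install / "defaults" / "pref").glob("*.js"))
    findings = []
    for path in pref_files:
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(path, s, v) for s, v in scan_pref_text(text)]
    policy = install / "distribution" / "policies.json"
    if policy.is_file():
        text = policy.read_text(encoding="utf-8", errors="replace")
        findings += [(policy, s, v) for s, v in scan_policies(text)]
    return findings


def demo():
    """Run the audit over a constructed install/profile tree."""
    with tempfile.TemporaryDirectory() as tmp:
        install, profile = Path(tmp, "install"), Path(tmp, "profile")
        (install / "defaults" / "pref").mkdir(parents=True)
        profile.mkdir()
        # Constructed sample files, not taken from the bug report.
        (profile / "prefs.js").write_text(
            'user_pref("browser.startup.page", 3);\n'
            '// user_pref("security.enterprise_roots.enabled", false);\n')
        (install / "vendor.cfg").write_text(
            '// first line of an AutoConfig file is ignored\n'
            'lockPref("security.enterprise_roots.enabled", true);\n')
        (install / "defaults" / "pref" / "autoconfig.js").write_text(
            'pref("general.config.filename", "vendor.cfg");\n')
        return [(p.name, s, v) for p, s, v in audit(install, profile)]


if __name__ == "__main__":
    for name, setter, value in demo():
        print(f"{name}: {setter} -> {value}")
```

A `lockPref` hit means the value cannot be changed from about:config, so the fix has to be made in the file that sets it.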

Before this patch, if the enterprise roots feature were enabled, nsNSSComponent
would gather any such roots and temporarily import them into NSS so that
CertVerifier could use them during path building and trust querying. This turned
out to be problematic in part because doing so would require unlocking the
user's key DB if they had a password. This patch implements a scheme whereby
nsNSSComponent can give these extra roots directly to CertVerifier, thus
bypassing NSS and any need to unlock/modify any DBs. This should also provide a
path forward for other improvements such as not repeatedly searching through all
certificates on all tokens, which has inefficiencies (see e.g. bug 1478148).

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b828ed311a01 have CertVerifier use any third-party roots rather than going through NSS r=jcj
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67

Dana, is that something that we would like to uplift in 66? Thanks

Flags: needinfo?(dkeeler)
Keywords: regression

I'd rather not. There's a workaround for this issue and we would have to uplift bug 1520347 as well.

Flags: needinfo?(dkeeler)
Depends on: 1526007
Regressions: 1578882