User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 If there is a master password set and a Web or e-mail connection is made via SSL and the content provider's certificate is not issued by the a priori trusted certificate issuers, a prompt to cancel the connection, accept the certificate permanently, or accept it temporarily is given. If the master password has not been entered during the session, the permanent certificate option does not work. Reproducible: Always Steps to Reproduce: 1. Enable FIPS mode and enter a master password. 2. Exit Mozilla to make sure you are not logged in with the master password. 3. Open Mozilla and navigate to an SSL-enabled site whose certificate provider is not in the a priori trusted list. 4. Select the permanent certificate option. Actual Results: The dialog continues to ask what to do with the certificate. Expected Results: I should be prompted for the master password as I am with the temporary option. If it makes a difference, I am in FIPS mode. This has been reproduced on Windows XP Pro SP1 with both Mozilla 1.5 stable, Firebird nightlies, and Thunderbird nightlies.

Yes, I believe FIPS mode is the explanation for this behavior.

Sounds like it should be prompting for the master password in this case.

This may or may not be a PSM problem, per se', but the PSM developer will know how to propel this bug towards a solution.

Looking at the bug history, I see that I've brought it back full circle to Kai. Sorry, Kai. CC'ing Johanthan Nightingale. Johnathan, maybe you can help by identifying which code (if not in PSM) needs to be changed to add additional master password prompts needed in this case.

reassign bug owner. mass-update-kaie-20120918

From what I'm seeing right now, Firefox can't even visit an https site in FIPS mode if the master password isn't entered.