Closed Bug 1255139 Opened 8 years ago Closed 8 years ago

iNotes not working after upgrade to release 45.0

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
45 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla48
Tracking Flags:
Tracking Status
firefox45 + fixed
firefox46 --- fixed
firefox47 --- fixed
firefox48 --- fixed
firefox-esr45 45+ fixed
relnote-firefox --- 45+

People

(Reporter: ischor, Assigned: ehsan.akhgari)

References

(
URL
)

Details

(Keywords: dev-doc-complete, regression, site-compat, Whiteboard: [necko-active])

Attachments

(1 file)

Keep allowing remote JAR files for IBM iNotes for now on release builds
1.40 KB, patch
bzbarsky
: review+
Sylvestre
: approval-mozilla-aurora+
Sylvestre
: approval-mozilla-beta+
Sylvestre
: approval-mozilla-release+
Sylvestre
: approval-mozilla-esr45+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; .NET4.0C; .NET4.0E)

Steps to reproduce:

Opened email in iNotes.  Tried to open a message.  Tried to reply to a message.


Actual results:

IBM Domino 9.0.1 FP5 with 9.0.x mail template.  Cannot read or reply to emails when using iNotes.  Errors:

Domino Release 9.0.1FP5 (Windows/64)                                    
Template: StdR9Mail                                                    
Language: English                                                      
                                                                        
Logging started dojo.js:14:25097                                        
NS_ERROR_UNSAFE_CONTENT_TYPE:  Proxy:10:0                               
TypeError: AAA.DSq.EKc.prototype.EYl['e-$new-1-bodyrich:ElN'] is        
undefined                                                               
 Mail:1:1                                                               
NS_ERROR_UNSAFE_CONTENT_TYPE:  Proxy:10:0                               
TypeError: AAA.DSq.EKc.prototype.EYl['e-$new-2-bodyrich:ElN'] is        
undefined                                                               
 Mail:1:1                                                               
-------                                                                 
iNotes console:                                                         
Domino Release 9.0.1FP5 (Windows/64)                                    
$HaikuForm - 231.38                                                     
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
                                                                        
03/09/2016 02:55:14PM A problem has occurred which may have caused the  
current operation to fail.                                              
03/09/2016 02:55:14PM NS_ERROR_UNSAFE_CONTENT_TYPE:                     
03/09/2016 02:55:14PM http://ourserver.ourdomain.com/iNotes/Forms9.        
nsf/iNotes/Proxy/?                                                      
OpenDocument&Form=l_StdPageOperations_Gecko&l=en&gz&CR&MX&TS=20150922T19
3935,27Z&charset=UTF-8&pt&PresetFields=s_stdedit;1: 10                  
03/09/2016 02:58:31PM A problem has occurred which may have caused the  
current operation to fail.                                              
03/09/2016 02:58:31PM NS_ERROR_UNSAFE_CONTENT_TYPE:                     
03/09/2016 02:58:31PM http://ourserver.ourdomain.com/iNotes/Forms9.        
nsf/iNotes/Proxy/?                                                      



Expected results:

Emails should open and replies should be able to be composed without error message.  This will impact all users who's FF is set to pupdate, globally.
CORRECTION.. I stated "Cannot read or reply to emails when using iNotes" and it should read "Cannot COMPOSE, FORWARD, OR REPLY TO emails when using iNotes"  Reading emails is fine.
CORRECTION.. I stated "Cannot read or reply to emails when using iNotes" and it should read "Cannot COMPOSE, FORWARD, OR REPLY TO emails when using iNotes"  Reading emails is fine.
Make a test with a fresh profile:
https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles

If the issue still here, could you install Mozregression to find a regression range, because you have the infrastucture to reproduce it.
See http://mozilla.github.io/mozregression/ for the FAQ.
Run "mozregression --good=44" then copy here the final pushlog provided by the tool.
Flags: needinfo?(ischor)
[Tracking Requested - why for this release]: Probably a site compatibility regression in Firefox 45.
status-firefox45: --- → affected
tracking-firefox45: --- → ?
Component: Untriaged → Networking
Product: Firefox → Core
ehsan, baku, bz: do we agree this is wontfix?
Flags: needinfo?(ehsan)
Flags: needinfo?(bzbarsky)
Flags: needinfo?(amarchesini)
Whiteboard: [necko-active]
kohei - thanks for tracking down a clear explanation!
Does iNotes work in other browsers?
Flags: needinfo?(bzbarsky)
(In reply to Boris Zbarsky [:bz] from comment #11)
> Does iNotes work in other browsers?

Yes, according to http://www-01.ibm.com/support/docview.wss?uid=swg27007763

Basically this could be WONTFIX but the timing was wrong... Firefox 45 is ESR. Should we enable the pref in that release to mitigate the impact on enterprise users?
status-firefox-esr45: --- → affected
tracking-firefox-esr45: --- → ?
Note.  The preceding link from IBM is not up to date for FF45.  I notified IBM when this began in addition to this bug track.  They have an APAR on it now (see below), which I apologized for the delay in posting.   

We know that users are fine with IE and other browsers.  This issue only surfaced when 45.0 came about with the auto update.   We have validated that downgrading to FF 44.x is a workaround, as long as the user unchecks the automatic update option afterward.

And yes, this will significantly inconvenience Enterprise customers standardized on Firefox. 


Thanks to the community for helping out here.   I'm sure it's isolated to something that changed in the browser based upon testing.  If its related to security, than IBM and the team here will figure it out.  

----------------------- 

From:	"Jenson Alcantara" <alcantj@ph.ibm.com>
To:	
Cc:	"Lotus Support" <lotus_support@ecurep.ibm.com>
Date:	03/09/2016 04:51 PM
Subject:	Re: 22971,082,000 - iNotes errors after Firefox 45.0 Update. -nosec



Hello Irv, 

Good day! This is Jenson again of Domino web server team. Thank you for taking your time on the call with me a while ago, as discussed, I already created a software problem report with reference number (SPR#JALAA7VSRE) and (APAR LO88282). We are the first to to create this type of report(issue with iNotes on Firefox 45.0) about the issue we have on your PMR.
Flags: needinfo?(ischor)
(In reply to Boris Zbarsky [:bz] from comment #11)
> Does iNotes work in other browsers?

Yes, This is only happening on Firefox 45.0
So the problem is that they were using non-standard jar: URIs in Firefox but presumably doing something else in other browsers.... and then we removed the jar: thing.

So iNotes should really just do whatever it does in other browsers instead of sniffing for Firefox and doing special non-standard things.  But that doesn't help in the short term...  It's really too bad no one tried iNotes in a devedition or beta build.  :(

In the short term, I think we should back out the pref change, including on 45, and work with IBM to get their end fixed.
Yeah, I agree with Boris.  But I also think that we should only turn the pref back on for release builds, so that people testing pre-release versions of Firefox would still find such problems.
Flags: needinfo?(ehsan)
Assignee: nobody → ehsan
Tracking it is a web compat regression on an important project.
tracking-firefox45: ?+
tracking-firefox-esr45: ?45+
Comment on attachment 8729534 [details] [diff] [review]
Keep allowing remote JAR files for IBM iNotes for now on release builds

r=me
Attachment #8729534 - Flags: review?(bzbarsky) → review+
Comment on attachment 8729534 [details] [diff] [review]
Keep allowing remote JAR files for IBM iNotes for now on release builds

[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration: See below
User impact if declined: See below
Fix Landed on Version: Just landed on trunk
Risk to taking this patch (and alternatives if risky): See below
String or UUID changes made by this patch: See below

See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.

Approval Request Comment
[Feature/regressing bug #]: Bug 1215235
[User impact if declined]: comment 0
[Describe test coverage new/current, TreeHerder]: Untested, flipping a pref back
[Risks and why]: Should be very low risk.
[String/UUID change made/needed]: None.
Attachment #8729534 - Flags: approval-mozilla-release?
Attachment #8729534 - Flags: approval-mozilla-esr45?
Attachment #8729534 - Flags: approval-mozilla-beta?
Attachment #8729534 - Flags: approval-mozilla-aurora?
Update from my PMR with IBM.  Tested/works, but what are the ramifications? Are they correct in stating "Based on our research, this configuration should be disabled by default but on Firefox 45, we have seen this configuration has been toggled to "True". "
--------------------
-

From:	"Jenson Alcantara" <alcantj@ph.ibm.com>
To:	ischor
Cc:	"Lotus Support" <lotus_support@ecurep.ibm.com>
Date:	03/11/2016 10:45 AM
Subject:	Re: 22971,082,000 - iNotes errors after Firefox 45.0 Update. -nosec



Hi Irv,

Good day, We've found out that the problem regarding your PMR is on the browser side on their recent update that makes iNotes function to compose and to reply to mails having an error.

Based on our research, this configuration should be disabled by default but on Firefox 45, we have seen this configuration has been toggled to "True". Kindly re-enable it by setting this setting to "False": 
Please open a Firefox 45.0 browser and type on the address box about:config and search for the network.jar.block-remote-files.
Irv, that preference is one we explicitly changed to "true" in Firefox 45, because the "false" value has some security concerns.  But, again, the point is that other browsers always have the "true" behavior.  So iNotes is doing something in Firefox _only_ that depends on remote jars being enabled, while we would like to disable them for security reasons.
(In reply to Boris Zbarsky [:bz] from comment #24)
> Irv, that preference is one we explicitly changed to "true" in Firefox 45,
> because the "false" value has some security concerns.  But, again, the point
> is that other browsers always have the "true" behavior.  So iNotes is doing
> something in Firefox _only_ that depends on remote jars being enabled, while
> we would like to disable them for security reasons.

Thank you Boris.  Would it be an option to have a security preference (i.e. like a 'Trusted Site' type scenario) where the source server FQN could be added to let the user decide, or is that old thought?  We used to have do something similar with that 'other' well known browser to permit certain Active-X functions within iNotes to operate unhindered.
That would be doable, but in addition to a bunch of extra complexity absent certificate pinning it doesn't resolve the security concerns.
Thanks for the explanation.  Agreed.
See Also: → 1255934
https://hg.mozilla.org/mozilla-central/rev/64c69e804a91
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
status-firefox48: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment on attachment 8729534 [details] [diff] [review]
Keep allowing remote JAR files for IBM iNotes for now on release builds

Taking it on all branches.
Attachment #8729534 - Flags: approval-mozilla-release?
Attachment #8729534 - Flags: approval-mozilla-release+
Attachment #8729534 - Flags: approval-mozilla-esr45?
Attachment #8729534 - Flags: approval-mozilla-esr45+
Attachment #8729534 - Flags: approval-mozilla-beta?
Attachment #8729534 - Flags: approval-mozilla-beta+
Attachment #8729534 - Flags: approval-mozilla-aurora?
Attachment #8729534 - Flags: approval-mozilla-aurora+
if we're willing to do a dot release over iNotes, I think we ought to be testing that as part of the release process. Jason, can you figure out how QA can get involved in that?

Also, lets test iNotes with nightly to see if it survives christoph's security changes to async open.
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(amarchesini)
(In reply to Patrick McManus [:mcmanus] from comment #35)
> if we're willing to do a dot release over iNotes, I think we ought to be
> testing that as part of the release process. Jason, can you figure out how
> QA can get involved in that?
> 
> Also, lets test iNotes with nightly to see if it survives christoph's
> security changes to async open.

Adding Andrei, since his team does QA validation for builds, and this would need to be covered for this dot release (and ESR).
Sorry for the mess.
Resolution: INCOMPLETE → FIXED
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #36)
> Adding Andrei, since his team does QA validation for builds, and this would
> need to be covered for this dot release (and ESR).

Also I think the QA team would need some test accounts and instructions to use iNotes, so they can test this. So please provide those.
Flags: needinfo?(andrei.vaida)
(In reply to Florin Mezei, QA (:FlorinMezei) from comment #41)
> (In reply to Florin Mezei, QA (:FlorinMezei) from comment #36)
> > Adding Andrei, since his team does QA validation for builds, and this would
> > need to be covered for this dot release (and ESR).
> 
> Also I think the QA team would need some test accounts and instructions to
> use iNotes, so they can test this. So please provide those.

Yeah, we should definitely look into this. I'm leaving the ni? in place until the necessary test data and instructions are provided. Patrick, Jason -- any update on this matter?
Flags: qe-verify+
This bug has reappeared in some of the latest Nightly builds(48.0a1), and has not been fixed in the latest Nightly(48.0a1(2016-03-15)).  Should this bug be reopened, or has it been left in for testing, so sites that don't work can be reported?
The latter.  See comment 16.

Again, this is a bug in iNotes that they need to fix.  We checked in a workaround into release, but they really do need to fix on their end.
. Patrick, Jason
> -- any update on this matter?

inotes credentials are not something the networking team will be able to supply to you.
This is the latest I have from IBM.  I have supplied them with the link to this bug report.   Their current tech note workaround mentioned earlier works, but doesn't appear to be the fix.   

From:	"JeXXXXXXXXXj@ph.ibm.com>
To:	"Irv ScXXXXXXXXXXXXXXXcg.com>
Cc:	"Lotus Support" <lotus_support@ecurep.ibm.com>
Date:	03/14/2016 03:04 PM
Subject:	Re: 22971,082,000 - iNotes errors after Firefox 45.0 Update. -nosec



Hello Irv,

Good day. We are still working for an update about this issue from our Development team, and will keep you posted. 

Thanks and best regards,
Flags: needinfo?(jduell.mcbugs)
Andrei: I would suggest we ask IBM for the best/easiest way to test iNotes.  Perhaps they can give us a login somewhere for testing purposes.
(In reply to Jason Duell [:jduell] (needinfo? me) from comment #47)
> Andrei: I would suggest we ask IBM for the best/easiest way to test iNotes. 
> Perhaps they can give us a login somewhere for testing purposes.

Do we have someone at IBM we could contact on this matter? We'll have to get this clarified as soon as possible if we're to confirm the fix today.
Flags: needinfo?(andrei.vaida) → needinfo?(jduell.mcbugs)
I will update our PMR with IBM.  I have previously supplied them with the link to this thread, but unfortunately do not have access to their escalations behind the scenes with the development team.  My PMR is handled from the support track, who internally interfaces with development at IBM.

If given a download to the beta, I could see if the basic functions are working, I imagine, provided that I start by undoing what I did in http://www-01.ibm.com/support/docview.wss?uid=swg21978919, first validating that things are broken again on r45.0.
Added to the release notes with "Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)" as wording
Don't hesitate to propose a better wording
relnote-firefox: --- → 45+
fyi - updated PMR with IBM.  They have been supplied the link to this thread.

xxxxxxxxxxx Inc. Update3/16/16 7:23 AM

*** Electronic submission by customer via SR tool, version 3.4.3        
*** Preferred contact method: Daytime phone.                            
*** Customer contact full name: Irv Sxxxx                                                                               
*** Updated by: Irv Sxxxxxxxxx                                              
*** Email: ischorxxxxx
                                                                        
.                                                                       
Additional comments                                                     
Is the development team interfacing at all with the Mozilla (Bugzilla)  
thread on this?  They too are working on this, and are requesting       
advice on 'test accounts' for iNotes.  I'm sure IBM has something they  
can go to/register which would have the latest Domino/iNotes 9.0.x on   
it.  Please see the dev team gets the following in a timely manner.     
                                                                        
----------------
Irv S, thank you for offering to test this!

You should be able to get a test build at http://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-release-win32/1458080386/ that ought to have this fix in it.  Andrei, would that give you the information you need?
(In reply to Boris Zbarsky [:bz] from comment #52)
> Irv S, thank you for offering to test this!
> 
> You should be able to get a test build at
> http://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-release-
> win32/1458080386/ that ought to have this fix in it.  Andrei, would that
> give you the information you need?

Sure, if Irv S can have a look at this and confirm it's fixed, that'd be great. Many thanks!
(In reply to Andrei Vaida, QA [:avaida] from comment #48)
> (In reply to Jason Duell [:jduell] (needinfo? me) from comment #47)
> > Andrei: I would suggest we ask IBM for the best/easiest way to test iNotes. 
> > Perhaps they can give us a login somewhere for testing purposes.
> 
> Do we have someone at IBM we could contact on this matter? We'll have to get
> this clarified as soon as possible if we're to confirm the fix today.

I'll say this again - if iNotes is so important that we'll roll a dot release for it then QA needs to test it as part of each release. That's not just verifying this bug.
Boris,  Which file http://archive.mozilla.org/pub/firefox/tinderbox-builds/mozilla-release-win32/1458080386/  should I be using?  It is not obvious to me.  I see the base 45 release listed, then some with mochi and talos?
From my link, you'd want the firefox-45.0.en-US.win32.installer.exe or the firefox-45.0.en-US.win32.zip: the former is an installer, the latter is a zip file you can just unzip and run firefox from.
Hello,  I have tested this and it seems to address the issue:   http://archive.mozilla.org/pub/firefox/candidates/45.0.1-candidates/build1/win32/en-US/ 

-Irv
This is working as well, although the help>about FF said 45.0 (no ref to .1esr):  

http://archive.mozilla.org/pub/firefox/candidates/45.0.1esr-candidates/build1/win32/en-US/.
Here is the latest from IBM, so this should confirm that your current activities on a temporary fix by rolling back the network.jar setting in combination with IBM will address in a future release.  Since they are on 9.0.1 FP5 now, it should be available shortly as well, most likely permitting the Mozilla team to incorporate the more secure network.jar settings in a future release as mentioned earlier. 


From:	"Jenson Alcantara" <xxxxxxxxx.ibm.com>
To:	"Irv xxxxxxxxxxx.com>
Cc:	"Lotus Support" <lotus_xxxxxxxx.xxibm.com>
Date:	03/16/2016 10:14 AM
Subject:	Re: 22971,082,000 - iNotes errors after Firefox 45.0 Update. -nosec



Hi Irv, 

Good day. Saw your update on the PMR, and to give you an update I have a feedback from Development team that the reported issue on the SPR# JALAA7VSRE that I gave to you about iNotes issue on Firefox 45.0 is the same issue as SPR #KMOAA6LDVX which has been resolved in a future iNotes release. ( iNotes 9.0.1 FP6 ) We don not have a definite timeline yet for it's release. 

Thanks and best regards,
Thank you, that's great to hear!

Is it possible for you to ask them whether this fix is something that will get to all iNotes users once IBM releases 9.0.1 FP6, or if this is something that each organization using iNotes needs to do individually?  I'd like to get a better understanding of what we need to wait for in order to be able to remove this temporary workaround for iNotes in a way that won't affect the users who use iNotes.

Thanks again!
IBM Domino customers would need to upgrade their Domino Server to 9.0.1 FP6, provided they include the fix in that version as described above.  No browser changes would be required, but I do recommend the changes being proposed above be implemented to mitigage impact.  

This, of course, is provided I have been given the correct information from IBM - I just checked and do not see the SPR#KMOAA6LDVX published to the list of anticipated fixes and have now asked them to keep my PMR open until we see it published.  -Irv
Andrei: I don't have any contact at IBM.  Perhaps Irv could put us in contact with the folks he's been dealing with at IBM?

I support Patrick's notion that if we're willing to roll dot-releases for iNotes, we should be testing it regularly as part of QA.  Ideally IBM could provide us with a long-lasting account and access to some iNotes server for this.  It would be much better than us trying to stand up (and update, etc) our own iNotes server.
Flags: needinfo?(jduell.mcbugs)
(In reply to Irv S from comment #60)
> Here is the latest from IBM, so this should confirm that your current
> activities on a temporary fix by rolling back the network.jar setting in
> combination with IBM will address in a future release.  Since they are on
> 9.0.1 FP5 now, it should be available shortly as well, most likely
> permitting the Mozilla team to incorporate the more secure network.jar
> settings in a future release as mentioned earlier. 
> 
> 
> From:	"Jenson Alcantara" <xxxxxxxxx.ibm.com>
> To:	"Irv xxxxxxxxxxx.com>
> Cc:	"Lotus Support" <lotus_xxxxxxxx.xxibm.com>
> Date:	03/16/2016 10:14 AM
> Subject:	Re: 22971,082,000 - iNotes errors after Firefox 45.0 Update. -nosec
> 
> 
> 
> Hi Irv, 
> 
> Good day. Saw your update on the PMR, and to give you an update I have a
> feedback from Development team that the reported issue on the SPR#
> JALAA7VSRE that I gave to you about iNotes issue on Firefox 45.0 is the same
> issue as SPR #KMOAA6LDVX which has been resolved in a future iNotes release.
> ( iNotes 9.0.1 FP6 ) We don not have a definite timeline yet for it's
> release. 
> 
> Thanks and best regards,

Since you are in contact with the folks at IBM, why don't you make sure they test this bug fix with the nightly build and not the release(the only release that iNotes doesn't work with is the original 45.0 release).  
Thanks
Thank you everyone for working on this.  Much appreciated. -Irv
FYI, you can find any IBMer email address at:

http://www.ibm.com/contact/employees/us/en/

I'm checking with some of my contacts to see if I can find someone to give us an iNotes account.
Yes, eventually...After everyone has updated to Fix Pack 6.  Many people are still on Fix Pack 5.  That is still progress towards working towards enabling secure Java in FireFox.  My email is still on Fix Pack 5.  (Note: the server side requirement for secure java in FireFox is Fix Pack 6).
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: