714185 - Firefox 9.0.1 on vanilla Windows XP SP3 lacks Microsoft.VC80.CRT Visual C++ 2005 DLL causing "The URL is not valid and cannot be loaded" popups

Status: RESOLVED DUPLICATE of bug 713167

(Firefox :: Untriaged, defect)

Description

[Nicolas Pioch]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111104165243

Steps to reproduce:

Problem reproduced on fresh/vanilla Microsoft Windows XP SP3 (32-bit) US-English (original MSDN OS) virtual machines with only Windows Update required fixes (which include Internet Explorer 8)

*** ONLY install mandatory Windows updates -- do not install any "optional" Windows Update component that is not listed as mandatory, esp. do not install any of the .NET Frameworks as they might solve the issue ! ***

How to reproduce:
- Install a fresh/vanilla Windows XP SP3 US-English OS
- Install Firefox 9.0.1
- Try accessing https://fnac.com/
(a French retailer similar to Amazon)


Actual results:

An "Alert" popup appears indicating "The URL is not valid and cannot be loaded"
with an [OK] button.

(this is due to the fact the SSL server certificate bears an X.509 Common Name of www.fnac.com instead of fnac.com, and I selected the mismatching URL on purpose)

The same popup appears when trying to load https:// URLs whose SSL certificate is expired, or signed with an untrusted CA such as self-signed certificates commonly used by individuals or companies internally (and sometimes externally too!)


Expected results:

Instead of the weird Alert popup, an "Untrusted Connection" page should appear instead, as it happens with all Firefox versions up to version 8.* included:

This Connection is Untrusted
You have asked Firefox to connect
securely to fnac.com, but we can't confirm that your connection is secure.
What Should I Do? (...)
Technical Details (...)
I Understand the Risks (...) [[Add Exception]]

As a result, Firefox 9.0.1 is seriously broken and doesn't allow accessing SSL websites which used to be accessible in all previous versions.

As Firefox 8 cannot be spotted easily for download from the Mozilla website,
Mozilla users end up having to switch to IE8 or download Chrome to access the https:// website, which is a shame!

ROOT CAUSE OF THE PROBLEM:

Checking the Windows XP Event Viewer, Security log reveals the following SideBySide errors:
* Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll. Reference error message: The operation completed successfully.
* Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system.
* Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Microsoft.VC80.CRT appears to be a Microsoft Visual C++ 2005 SP1 runtime,
which is of course not included in Windows XP since that OS shipped in 2001.

The missing MS-C++ runtime can be downloaded from the official MS website at:
https://www.microsoft.com/download/en/details.aspx?id=5638

Installing this runtime solves the issue: no more Alert popups, and Firefox 9.0.1 displays the "Untrusted Connection" page allowing the user to override and access the website with the weird SSL server certificate if he wishes to do so.

Downloading this runtime was not necessary with previous versions of Firefox, up to v 8.* included (I've run them all on vanilla XP SP3 virtual machines) so this problem is due to something that was broken very recently.

PS: Installing some .NET Frameworks might resolve the issue if they include the Visual C++ 2005 runtimes themselves -- I haven't tried.

Comment 1

[Tim (fmdeveloper)]

Bug 713167?

Comment 2

[Frank Wein [:mcsmurf]]

Yes, it's a dupe. Thanks for the long bug report though :)