1207968 - pkcs#11 password enter dialog is opened twice for the same password/PIN - not thread safe?

Status: UNCONFIRMED

(Thunderbird :: Security, defect)

Description

[Jan Peter Stotz]

Attachment: pkcs#11-pwd-dialog.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 OPR/32.0.1948.25

Steps to reproduce:

On Thunderbird with installed PKCS#11 library (e.g. for a smart card) a password dialog is shown in case the PKCS#11 library/smart card requires a PIN before access is granted to the smart card.
This password enter dialog seems to be not thread safe as it can appear twice over another. The second dialog becomes visible if you move the first dialog away.

Note that this behavior only occurs in case certain add-ons are installed in Thunderbird, e.g. “Allow HTML Temp” 3.6.4 by Alexander Ihrig.


Actual results:

When clicking a S/MIME encrypted mail the password enter dialog for the pkcs#11 module appears twice.


Expected results:

Thunderbird should only display one password dialog at a time per pkcs#11 module.

Comment 1

[Wayne Mery (:wsmwk)]

jpstotz
Do you still see this when using a current version?

Comment 2

[Jan Peter Stotz]

Unfortunately yes. There was no positive change since I created this bug report. 

It even got worse because in situations when this bug occurs there is a 50/50 chance that the whole Thunderbird process stops working and I have to kill it.

Comment 3

[Wayne Mery (:wsmwk)]

(comment in bug 930497 was meant for this bug)

I thought I recently read something recently about thread safe issue in NSS