Closed Bug 1218183 Opened 9 years ago Closed 2 years ago

Thunderbird and Firefox freeze after windows wake from sleep when using smartcard

Categories

(Core :: Security: PSM, defect, P3)

Product:
Core
Component:
Security: PSM
Version:
38 Branch
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: birdfund, Unassigned)

References

Details

(Keywords: hang, Whiteboard: [psm-smartcard])

Attachments

(2 files)

Authentication Request Window
19.48 KB, image/jpeg
Details
pk.jpeg
30.17 KB, image/jpeg
Details
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:44.0) Gecko/20100101 Firefox/44.0 Build ID: 20151023030245 Steps to reproduce: Left smart card in reader, windows sleep, wake up pc. Actual results: Thunderbird often (almost every time) will become unresponsive and need to be task-killed after waking from sleep if smartcard is left in reader. This may occur during attempted new message download or on prompt to enter security code (there is no response to security code and message window expands slightly with black area). Please note: this may be a problem with code shared with firefox. I have had the issue w/ firefox that in same wake up situation, reloading an existing tabe or trying to load a new tab results in ..nothing. Existing tabs can still be viewed as long as not refreshed. Expected results: Thunderbird should not freeze after waking from sleep. Status of card in reader should have no bearing on thunderbird (note: card automatically times out so it is necessary to re-enter security code even if left in reader during normal usage)
Are you updated to version 38.3.0 of Thunderbird?
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #1) > Are you updated to version 38.3.0 of Thunderbird?
Flags: needinfo?(birdfund)
Whiteboard: [closeme 2015-12-01]
Yes, 38.3.0 and for completeness, firefox 45.0a1. I do not know the extent of shared code between them but were I to speculate, soemthing with the security device code is causing blocking on the return from sleep, as if it might be trying to re-establish contact with the reader or smartcard after wake from sleep and is unable to do so.
Can you try the beta version at http://www.mozilla.org/en-US/thunderbird/channel/ ?
Whiteboard: [closeme 2015-12-01]
Ok will install it tonight and give it a try for a few days to see if issues still exists then revert back.
Flags: needinfo?(birdfund)
(In reply to larrybird from comment #5) > Ok will install it tonight and give it a try for a few days to see if issues > still exists then revert back. Sorry delay in getting back to you. So the results are mixed in the sense that a) slightly less frequent and b) sometimes recoverable by pulling card (note: this also will unfreeze actions on firefox). However, all is not perfect. There are still times where it does lock up, other times where it keeps putting up authentication request but card reader does not see the request, attempts to kill request generally result in a second request window which does sometimes authenticate but leaves previous dead request window still open. I am also trying to add attachment showing one type of freeze where the authentication request window changes (note black area on right) and then entire app is locked up.
Sometimes tbird will freeze when coming out of deep sleep and requesting code from card on pinpad reader. This is one example of what happens - the font kind of changes and then the black area appears on left. From that point, nothing is responsive.
Summary: Thunderbird free after windows wake from sleep when using smartcard → Thunderbird freeze after windows wake from sleep when using smartcard
Severity: normal → critical
Component: Untriaged → Security
Keywords: hang
Summary: Thunderbird freeze after windows wake from sleep when using smartcard → Thunderbird and Firefox freeze after windows wake from sleep when using smartcard
Sorry, I don't have a smartcard to help triage this. Maybe the product and component should be change from Thunderbird/Security to something like Core or NSS to also get Firefox people to look at this?
Product: Thunderbird → Firefox
Version: 38 → 38 Branch
Product: Firefox → Core
See Also: → 1246759
What pkcs11 module are you using? (Preferences -> Advanced -> Certificates -> Security Devices)
Flags: needinfo?(birdfund)
Attached image pk.jpeg
(In reply to Dana Keeler [:keeler] (use needinfo?) from comment #9) > What pkcs11 module are you using? (Preferences -> Advanced -> Certificates > -> Security Devices) Gemalto\IDGo 800 PKCS#11\IDPrimePKCS11.dll
Flags: needinfo?(birdfund)
Larry, are you still seeing this issue?
Flags: needinfo?(birdfund)
Wayne: I have managed to eliminate the firefox lockups by removing all references to external pkcs11 security devices. However, I do still have the issue on Thunderbird (50b1). As per previous, I can't say it happens every single wake event but when it does, I usually must a) kill thunderbird and b) remove smart card and c) sometimes pull out the usb reader as well. The best I can say as to the circumstances are two situations - 1) you last were in a folder where the messages are secured (not all my mail requires decrypting) or 2) the client immediately begins a download of messages (I use pop3)and you are prompted to enter pin on keypad, thunderbird then becomes unresponsive. I have also had situations where it asks for pin multiple times (though correctly entered) as if it has somehow queued up requests and I must answer each before continuing. This event usually, but not always, will end successfully. I would note that in all circumstances, the pinpad reader indicates the correct pin was entered (one reader has a led the other simply says OK - so there to, I have used two different readers, one a Gemalto the other a Cherry with same problems) Hope that helps a little. If there is a way to turn on logging or there is a debug build, willing to try out for a week if that will assist.
Component: Security → Security: PSM
Priority: -- → P3
Whiteboard: [psm-smartcard]
Flags: needinfo?(birdfund)

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: critical → --

If this is still happening, can you use the Windows Process Explorer to get a stack trace of where Thunderbird is hanging?
https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Flags: needinfo?(birdfund)

Redirect a needinfo that is pending on an inactive user to the triage owner.
:keeler, since the bug has recent activity, could you please find another way to get the information or close the bug as INCOMPLETE if it is not actionable?

For more information, please visit auto_nag documentation.

Flags: needinfo?(birdfund) → needinfo?(dkeeler)

Hi I am the user - I have been on vacation and unable to access anything. Please allow me a week or two now (holiday Thurs) for a follow up. THanks

I'll put the needinfo back to you as a reminder, then.

Flags: needinfo?(dkeeler) → needinfo?(birdfund)

I tried with 102.6.0 32 bit on my laptop.

Still fails. However, I do believe it is broadly related to this pre-existing bug 1335421

However, I can pass along from the console after trying to send message. This behavior happens whether Thunderbird is started fresh or resumes after returning from sleep

mailnews.pop3.42: SecurityError: a SecurityProtocol error occured Pop3Client.jsm 350:18

which is after a delay followed by

mailnews.pop3.43: ConnectionRefusedError: a Network error occured Pop3Client.jsm 350:18

I did not have time to try to capture from the server side of things though I suspect it would be similar to what was reported on that other bug report.

So let me summarize as it has been a long time:

I am stuck on build 51.0b2 as this is the last build on which I can have the smart card active (either to decrypt a message or to sign an outgoing) and still have mail function normally.

Something was changed after that build. It is almost as if Thunderbird is somehow trying to use the certificate (or other keys?) on the card as an authentication method with the remote server(s). It pretty clearly should not be doing this - certs on the card are for encrypt/decrypt and signing, not for server authentication/login.

Let me know if I can help further.

BTW, very much like the new look in 102.x just wish I could use it :(

Flags: needinfo?(birdfund)
See Also: → 1335421

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #15)

If this is still happening, can you use the Windows Process Explorer to get a stack trace of where Thunderbird is hanging?
https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Is it still hanging? If so, can you do the above?

Flags: needinfo?(birdfund)

I'm fairly confident this behavior is now fixed. I've tried on both the desktop from the original report as well as a laptop. It does resume from sleep and does not hang when asking for card pin. Thank you for fixing.

Flags: needinfo?(birdfund)

Great - thanks!

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: