Closed Bug 1514118 Opened 2 years ago Closed 2 years ago

make CertVerifier directly aware of 3rd party roots rather than going through NSS

Categories

(Core :: Security: PSM, defect, P1)

64 Branch
defect

RESOLVED FIXED
mozilla67
Tracking Status
firefox-esr60 --- unaffected
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- fixed

People

(Reporter: ronoc74, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Keywords: regression, Whiteboard: [psm-assigned])

Attachments

(3 files)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0

Steps to reproduce:

Start Firefox


Actual results:

The master password dialog appears on startup. When dismissed it returns a second time.


Expected results:

Nothing.

I am not using Sync.

The problem still occurs in safe mode.

Restoring my profile from a backup I made when 63.0.3 was installed fixed the issue once, but it recurred on the next startup. Based on a thread about a related problem, I tried deleting cert9.db, which also prevented the problem once only.

This issue only occurs in version 64. Downgrading to 63.0.3 fixed it.
Version: 63 Branch → 64 Branch
(In reply to ronoc74 from comment #0)
> This issue only occurs in version 64. Downgrading to 63.0.3 fixed it.

It would be useful if you could create a copy of the aforementioned profile backup, then use mozregression-gui on it to find the exact regression range.
https://mozilla.github.io/mozregression/quickstart.html
Has Regression Range: --- → no
Component: Untriaged → Password Manager
Flags: needinfo?(ronoc74)
Keywords: regression
Product: Firefox → Toolkit
See Also: → 177175
Whiteboard: [passwords:master-password]
> I am not using Sync.

Did you ever have it set up?

Are you using session restore? Are you restoring tabs that have password fields? What is triggering the MP dialog to appear in the first place? Is it a password form on a tab?

Attaching the debug logs could be useful: https://wiki.mozilla.org/Toolkit:Password_Manager/Debugging

I also second the idea of using mozregression as that will likely point right to the cause.
mozregression:
Differential Revision: https://phabricator.services.mozilla.com/D4708

I have never used Sync. Startup is a blank tab.

Debug log has the following:
1544847220030	addons.xpi	WARN	Ignoring missing add-on in C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
Login storage: Opening database at C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\a41z2ple.default\logins.json
Flags: needinfo?(ronoc74)
:keeler please have a look. According to comment 3, this is a regression introduced by bug 1487258.
Blocks: 1487258
Flags: needinfo?(dkeeler)
Couple of debugging questions:

What do you mean by "dismissed"? Do you enter your password or not?
Do you use client certificates?
Do you have any PKCS#11 modules?
Do you have any add-ons?
Are the files key3.db, cert8.db, and secmod.db in your profile? If you (temporarily) remove them, does that fix it?

Thanks!
Flags: needinfo?(dkeeler) → needinfo?(ronoc74)
(In reply to Dana Keeler [:keeler] (she/her) (use needinfo) from comment #5)
> Couple of debugging questions:
> 
> What do you mean by "dismissed"? Do you enter your password or not?

I click cancel.

> Do you use client certificates?
> Do you have any PKCS#11 modules?

I have one certificate, a DigiCert High Assurance EV Root CA. There is a pkcs11.txt file which seems to refer to a module, but is there a simple way to check that one is installed?

> Do you have any add-ons?

Four extensions, but the problem still occurs when these are disabled, and in Safe mode.

> Are the files key3.db, cert8.db, and secmod.db in your profile? If you
> (temporarily) remove them, does that fix it?

No key3.db, but cert8.db and secmod.db are present. Removing them had no effect.

> Thanks!

Thanks for the debugging :)
Flags: needinfo?(ronoc74)
Component: Password Manager → Security: PSM
Product: Toolkit → Core
PKCS#11 modules are configured in about:preferences -> search for "Security Devices" -> click the "Security Devices" button.
Is there a chance you could attach a debugger and get a stack trace for all threads when the password dialog comes up both times?
Flags: needinfo?(ronoc74)
There is a "NSS Internal PKCS #11 Module"

The process has a large number of threads and I can't find a way to dump a stack trace of all threads from VS. Here's the list of threads followed by traces of the main thread from both times. Do you need traces of any other threads in particular?

Not Flagged	>	0x00002404	0x00	Main Thread	Main Thread	win32u.dll!00007ffd127696e4
Not Flagged		0x000024E8	0x00	Worker Thread	BrokerEvent	firefox.exe!sandbox::BrokerServicesBase::TargetEventsThread
Not Flagged		0x0000168C	0x00	Worker Thread	xul.dll!google_breakpad::ExceptionHandler::ExceptionHandlerThreadMain	xul.dll!google_breakpad::ExceptionHandler::ExceptionHandlerThreadMain
Not Flagged		0x000052B0	0x00	Worker Thread	Gecko_IOThread	xul.dll!base::MessagePumpForIO::GetIOItem
Not Flagged		0x00003228	0x00	Worker Thread	JS Watchdog	nss3.dll!_PR_MD_WAIT_CV
Not Flagged		0x00006B58	0x00	Worker Thread	JS Helper	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x000023F0	0x00	Worker Thread	JS Helper	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00000248	0x00	Worker Thread	JS Helper	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x000037D4	0x00	Worker Thread	JS Helper	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00002354	0x00	Worker Thread	Timer	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00006538	0x00	Worker Thread	Link Monitor	xul.dll!nsNotifyAddrListener::Run
Not Flagged		0x00002ED8	0x00	Worker Thread	Socket Thread	mswsock.dll!00007ffd110b6a42
Not Flagged		0x00003CD4	0x00	Worker Thread	mswsock.dll thread	mswsock.dll!00007ffd110bf338
Not Flagged		0x00001368	0x00	Worker Thread	ProxyResolution	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003088	0x00	Worker Thread	URL Classifier	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00006E50	0x00	Worker Thread	ntdll.dll thread	mozglue.dll!patched_BaseThreadInitThunk
Not Flagged		0x00005298	0x00	Worker Thread	combase.dll thread	combase.dll!00007ffd14bc4217
Not Flagged		0x00006768	0x00	Worker Thread	IPDL Background	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00005AE8	0x00	Worker Thread	VsyncIOThread	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x0000160C	0x00	Worker Thread	WindowsVsyncThread	xul.dll!base::MessagePumpDefault::Run
Not Flagged		0x00006F20	0x00	Worker Thread	Compositor	win32u.dll!00007ffd127696e4
Not Flagged		0x00004C9C	0x00	Worker Thread	ImgDecoder #1	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000053D0	0x00	Worker Thread	ImageIO	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003270	0x00	Worker Thread	Cache2 I/O	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00005758	0x00	Worker Thread	Cookie	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00001E50	0x00	Worker Thread	QuotaManager IO	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00006164	0x00	Worker Thread	HTML5 Parser	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00002504	0x00	Worker Thread	GMPThread	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00000988	0x00	Worker Thread	Worker Launcher	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00005F18	0x00	Worker Thread	DOM Worker	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00006FDC	0x00	Worker Thread	StyleThread#0	xul.dll!rayon_core::sleep::Sleep::sleep
Not Flagged		0x00004AA8	0x00	Worker Thread	Cache I/O	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003350	0x00	Worker Thread	Classifier Update	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000009F4	0x00	Worker Thread	LoadRoots	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00004F20	0x00	Worker Thread	DOM Worker	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00002DE8	0x00	Worker Thread	StyleThread#1	xul.dll!rayon_core::sleep::Sleep::sleep
Not Flagged		0x00005708	0x00	Worker Thread	StyleThread#2	xul.dll!rayon_core::sleep::Sleep::sleep
Not Flagged		0x0000237C	0x00	Worker Thread	ImageBridgeChild	xul.dll!base::MessagePumpDefault::Run
Not Flagged		0x00004FFC	0x00	Worker Thread	ImgDecoder #2	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00000244	0x00	Worker Thread	DataStorage	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x0000514C	0x00	Worker Thread	PlayEventSound	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000068CC	0x00	Worker Thread	DNS Resolver #2	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00004DE0	0x00	Worker Thread	ProcessHangMon	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000037F0	0x00	Worker Thread	localStorage DB	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00004004	0x00	Worker Thread	DNS Resolver #1	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x00006A68	0x00	Worker Thread	mozStorage #2	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003180	0x00	Worker Thread	COM MTA	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00005F44	0x00	Worker Thread	ntdll.dll thread	mozglue.dll!patched_BaseThreadInitThunk
Not Flagged		0x000004A0	0x00	Worker Thread	ntdll.dll thread	mozglue.dll!patched_BaseThreadInitThunk
Not Flagged		0x000056E4	0x00	Worker Thread	mozStorage #1	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003A2C	0x00	Worker Thread	DOM Worker	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00004F30	0x00	Worker Thread	SSL Cert #5	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00004648	0x00	Worker Thread	combase.dll thread	win32u.dll!00007ffd12761144
Not Flagged		0x00004368	0x00	Worker Thread	mozStorage #3	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000007B8	0x00	Worker Thread	DOM Worker	xul.dll!ffi_call_win64
Not Flagged		0x00003484	0x00	Worker Thread	IndexedDB #6	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00003508	0x00	Worker Thread	SSL Cert #2	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x000020DC	0x00	Worker Thread	SSL Cert #1	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x00005B08	0x00	Worker Thread	StreamTrans #76	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait_for
Not Flagged		0x000035D0	0x00	Worker Thread	SSL Cert #3	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait
Not Flagged		0x0000462C	0x00	Worker Thread	SSL Cert #4	mozglue.dll!mozilla::detail::ConditionVariableImpl::wait

 	[External Code]	
>	xul.dll!mozilla::widget::WinUtils::WaitForMessage(unsigned long aTimeoutMs) Line 744	C++
 	xul.dll!nsAppShell::ProcessNextNativeEvent(bool mayWait) Line 547	C++
 	xul.dll!nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal * thr, bool mayWait) Line 259	C++
 	xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 1068	C++
 	xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 468	C++
 	xul.dll!mozilla::SpinEventLoopUntil<mozilla::ProcessFailureBehavior::ReportToCaller,`lambda at z:/build/build/src/xpfe/appshell/nsXULWindow.cpp:380:24'>(nsXULWindow::ShowModal::<unnamed-tag> && aPredicate, nsIThread *) Line 335	C++
 	xul.dll!nsXULWindow::ShowModal() Line 381	C++
 	xul.dll!nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy * aParent, const char * aUrl, const char * aName, const char * aFeatures, bool aCalledFromJS, bool aDialog, bool aNavigate, nsIArray * aArgv, bool aIsPopupSpam, bool aForceNoOpener, nsDocShellLoadState * aLoadState, mozIDOMWindowProxy * * aResult) Line 1208	C++
 	xul.dll!nsWindowWatcher::OpenWindow(mozIDOMWindowProxy * aParent, const char * aUrl, const char * aName, const char * aFeatures, nsISupports * aArguments, mozIDOMWindowProxy * * aResult) Line 289	C++
 	xul.dll!XPTC__InvokebyIndex() Line 99	Unknown
 	xul.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx, XPCWrappedNative::CallMode mode) Line 1174	C++
 	xul.dll!XPC_WN_CallMethod(JSContext * cx, unsigned int argc, JS::Value * vp) Line 948	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 535	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!Interpret(JSContext * cx, js::RunState & state) Line 3320	C++
 	xul.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 423	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 563	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval) Line 606	C++
 	xul.dll!js::fun_apply(JSContext * cx, unsigned int argc, JS::Value * vp) Line 1318	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 535	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!Interpret(JSContext * cx, js::RunState & state) Line 3320	C++
 	xul.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 423	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 563	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval) Line 606	C++
 	xul.dll!JS_CallFunctionValue(JSContext * cx, JS::Handle<JSObject *> obj, JS::Handle<JS::Value> fval, const JS::HandleValueArray & args, JS::MutableHandle<JS::Value> rval) Line 2588	C++
 	xul.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper, unsigned short methodIndex, const nsXPTMethodInfo * info, nsXPTCMiniVariant * nativeParams) Line 1147	C++
 	xul.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex, const nsXPTMethodInfo * info, nsXPTCMiniVariant * params) Line 622	C++
 	xul.dll!PrepareAndDispatch(nsXPTCStubBase * self, unsigned int methodIndex, unsigned __int64 * args, unsigned __int64 * gprData, double * fprData) Line 181	C++
 	xul.dll!SharedStub() Line 61	Unknown
 	xul.dll!PK11PasswordPromptRunnable::RunOnTargetThread() Line 578	C++
 	xul.dll!mozilla::psm::SyncRunnableBase::Run() Line 32	C++
 	xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 1144	C++
 	xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 468	C++
 	xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 88	C++
 	xul.dll!MessageLoop::RunHandler() Line 308	C++
 	xul.dll!MessageLoop::Run() Line 290	C++
 	xul.dll!nsBaseAppShell::Run() Line 139	C++
 	xul.dll!nsAppShell::Run() Line 409	C++
 	xul.dll!nsAppStartup::Run() Line 272	C++
 	xul.dll!XREMain::XRE_mainRun() Line 4622	C++
 	xul.dll!XREMain::XRE_main(int argc, char * * argv, const mozilla::BootstrapConfig & aConfig) Line 4760	C++
 	xul.dll!XRE_main(int argc, char * * argv, const mozilla::BootstrapConfig & aConfig) Line 4845	C++
 	firefox.exe!do_main(int argc, char * * argv, char * * envp) Line 214	C++
 	firefox.exe!NS_internal_main(int argc, char * * argv, char * * envp) Line 293	C++
 	firefox.exe!wmain(int argc, wchar_t * * argv) Line 129	C++
 	[External Code]	


	[External Code]	
>	xul.dll!mozilla::widget::WinUtils::WaitForMessage(unsigned long aTimeoutMs) Line 744	C++
 	xul.dll!nsAppShell::ProcessNextNativeEvent(bool mayWait) Line 547	C++
 	xul.dll!nsBaseAppShell::OnProcessNextEvent(nsIThreadInternal * thr, bool mayWait) Line 259	C++
 	xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 1068	C++
 	xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 468	C++
 	xul.dll!mozilla::SpinEventLoopUntil<mozilla::ProcessFailureBehavior::ReportToCaller,`lambda at z:/build/build/src/xpfe/appshell/nsXULWindow.cpp:380:24'>(nsXULWindow::ShowModal::<unnamed-tag> && aPredicate, nsIThread *) Line 335	C++
 	xul.dll!nsXULWindow::ShowModal() Line 381	C++
 	xul.dll!nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy * aParent, const char * aUrl, const char * aName, const char * aFeatures, bool aCalledFromJS, bool aDialog, bool aNavigate, nsIArray * aArgv, bool aIsPopupSpam, bool aForceNoOpener, nsDocShellLoadState * aLoadState, mozIDOMWindowProxy * * aResult) Line 1208	C++
 	xul.dll!nsWindowWatcher::OpenWindow(mozIDOMWindowProxy * aParent, const char * aUrl, const char * aName, const char * aFeatures, nsISupports * aArguments, mozIDOMWindowProxy * * aResult) Line 289	C++
 	xul.dll!XPTC__InvokebyIndex() Line 99	Unknown
 	xul.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx, XPCWrappedNative::CallMode mode) Line 1174	C++
 	xul.dll!XPC_WN_CallMethod(JSContext * cx, unsigned int argc, JS::Value * vp) Line 948	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 535	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!Interpret(JSContext * cx, js::RunState & state) Line 3320	C++
 	xul.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 423	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 563	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval) Line 606	C++
 	xul.dll!js::fun_apply(JSContext * cx, unsigned int argc, JS::Value * vp) Line 1318	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 535	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!Interpret(JSContext * cx, js::RunState & state) Line 3320	C++
 	xul.dll!js::RunScript(JSContext * cx, js::RunState & state) Line 423	C++
 	xul.dll!js::InternalCallOrConstruct(JSContext * cx, const JS::CallArgs & args, js::MaybeConstruct construct) Line 563	C++
 	xul.dll!InternalCall(JSContext * cx, const js::AnyInvokeArgs & args) Line 590	C++
 	xul.dll!js::Call(JSContext * cx, JS::Handle<JS::Value> fval, JS::Handle<JS::Value> thisv, const js::AnyInvokeArgs & args, JS::MutableHandle<JS::Value> rval) Line 606	C++
 	xul.dll!JS_CallFunctionValue(JSContext * cx, JS::Handle<JSObject *> obj, JS::Handle<JS::Value> fval, const JS::HandleValueArray & args, JS::MutableHandle<JS::Value> rval) Line 2588	C++
 	xul.dll!nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS * wrapper, unsigned short methodIndex, const nsXPTMethodInfo * info, nsXPTCMiniVariant * nativeParams) Line 1147	C++
 	xul.dll!nsXPCWrappedJS::CallMethod(unsigned short methodIndex, const nsXPTMethodInfo * info, nsXPTCMiniVariant * params) Line 622	C++
 	xul.dll!PrepareAndDispatch(nsXPTCStubBase * self, unsigned int methodIndex, unsigned __int64 * args, unsigned __int64 * gprData, double * fprData) Line 181	C++
 	xul.dll!SharedStub() Line 61	Unknown
 	xul.dll!PK11PasswordPromptRunnable::RunOnTargetThread() Line 578	C++
 	xul.dll!mozilla::psm::SyncRunnableBase::Run() Line 32	C++
 	xul.dll!nsThread::ProcessNextEvent(bool aMayWait, bool * aResult) Line 1144	C++
 	xul.dll!NS_ProcessNextEvent(nsIThread * aThread, bool aMayWait) Line 468	C++
 	xul.dll!mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate * aDelegate) Line 88	C++
 	xul.dll!MessageLoop::RunHandler() Line 308	C++
 	xul.dll!MessageLoop::Run() Line 290	C++
 	xul.dll!nsBaseAppShell::Run() Line 139	C++
 	xul.dll!nsAppShell::Run() Line 409	C++
 	xul.dll!nsAppStartup::Run() Line 272	C++
 	xul.dll!XREMain::XRE_mainRun() Line 4622	C++
 	xul.dll!XREMain::XRE_main(int argc, char * * argv, const mozilla::BootstrapConfig & aConfig) Line 4760	C++
 	xul.dll!XRE_main(int argc, char * * argv, const mozilla::BootstrapConfig & aConfig) Line 4845	C++
 	firefox.exe!do_main(int argc, char * * argv, char * * envp) Line 214	C++
 	firefox.exe!NS_internal_main(int argc, char * * argv, char * * envp) Line 293	C++
 	firefox.exe!wmain(int argc, wchar_t * * argv) Line 129	C++
 	[External Code]
Flags: needinfo?(ronoc74)
"Socket Thread", "LoadRoots", and any "SSL Cert #" threads would be great (you can attach a text file to this bug if pasting in a comment gets too cumbersome).
Flags: needinfo?(ronoc74)
Flags: needinfo?(ronoc74)
Oh - I thought I had already asked this (seems not), but presumably the about:config preference "security.enterprise_roots.enabled" is set to true? What this means is that on startup, Firefox will look for and import 3rd party root certificates from the Windows trust store. To set them as trusted, Firefox needs to unlock your key database (because the trust bits are authenticated with a private key in your key db). If you cancel the dialog, Firefox can't unlock your key db. So, for each root it finds (looks like it finds two in your case), it sees that it needs to unlock the db and asks you to enter your password. It's unclear why this would have behaved differently before bug 1487258, though.

This would take a bit of work to address, but I think it might be worthwhile. In the meantime, your options are to either enter your password when Firefox asks for it (if you enter the right password it should only ask once - otherwise, that would be a bug), remove the password entirely, or disable the enterprise roots feature if you don't need it (although presumably you need it). With regard to having a password, if you already use full disk encryption, have a password to access your user account, and encrypt any backups you make, putting a password on your Firefox profile doesn't contribute much extra to your security posture (particularly given that the crypto the current password system uses is a bit outdated). So, if you take steps to protect the rest of your data, you shouldn't need to have a password just for Firefox.
Assignee: nobody → dkeeler
Keywords: regression
Priority: -- → P1
Summary: Master password prompt appears twice on startup → make CertVerifier directly aware of 3rd party roots rather than going through NSS
Whiteboard: [passwords:master-password] → [psm-assigned]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Yes, security.enterprise_roots.enabled is true. The certificate turns out to be part of Kaspersky. I found out when I located and edited the security.enterprise_roots.enabled setting in a .cfg file in the Firefox program folder, and Kaspersky flagged an error next time I started Firefox. Disabling the security feature in Kaspersky didn't help, so I'm leaving the setting false in the .cfg file. I do have a couple of other certificates but these are not a problem.

Thanks for your help. It would be nice to not have this interaction with Kaspersky's default settings, but it's not a huge issue.
Duplicate of this bug: 1521131

Before this patch, if the enterprise roots feature were enabled, nsNSSComponent
would gather any such roots and temporarily import them into NSS so that
CertVerifier could use them during path building and trust querying. This turned
out to be problematic in part because doing so would require unlocking the
user's key DB if they had a password. This patch implements a scheme whereby
nsNSSComponent can give these extra roots directly to CertVerifier, thus
bypassing NSS and any need to unlock/modify any DBs. This should also provide a
path forward for other improvements such as not repeatedly searching through all
certificates on all tokens, which has inefficiencies (see e.g. bug 1478148).

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b828ed311a01
have CertVerifier use any third-party roots rather than going through NSS r=jcj
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
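
The behaviour described in the comments above (one password dialog per imported root when the dialog is cancelled, and none once the verifier is handed the roots directly), as an added C++ model that is not code from this bug, the patch, Firefox or NSS. KeyDB, Verifier, ImportRootsIntoDB and all sample values are hypothetical and constructed, and the model assumes that reading trust from the DB needs no unlock.

```cpp
// Added illustration: simplified model with hypothetical names, not PSM/NSS code.
#include <algorithm>
#include <functional>
#include <string>
#include <utility>
#include <vector>

using Cert = std::string;  // stand-in for a DER-encoded certificate

static bool Contains(const std::vector<Cert>& v, const Cert& c) {
  return std::find(v.begin(), v.end(), c) != v.end();
}

// Outcome of one password dialog: cancelled, or the text the user typed.
struct PromptResult { bool cancelled; std::string typed; };

// Stand-in for a password-protected certificate/key DB.
class KeyDB {
 public:
  using Prompt = std::function<PromptResult()>;
  KeyDB(std::string password, Prompt prompt)
      : mPassword(std::move(password)), mPrompt(std::move(prompt)) {}

  // Storing trust for a root needs the DB unlocked. A cancelled prompt leaves
  // it locked, so the next import has to ask again.
  bool ImportTrustedRoot(const Cert& root) {
    if (!mUnlocked) {
      ++mPromptsShown;
      PromptResult r = mPrompt();
      if (r.cancelled || r.typed != mPassword) return false;
      mUnlocked = true;
    }
    mTrusted.push_back(root);
    return true;
  }
  bool IsTrusted(const Cert& c) const { return Contains(mTrusted, c); }
  int PromptsShown() const { return mPromptsShown; }

 private:
  std::string mPassword;
  Prompt mPrompt;
  bool mUnlocked = false;
  int mPromptsShown = 0;
  std::vector<Cert> mTrusted;
};

// Old scheme: import every gathered root into the DB; returns dialogs shown.
int ImportRootsIntoDB(const std::vector<Cert>& roots, KeyDB& db) {
  for (const Cert& root : roots) db.ImportTrustedRoot(root);
  return db.PromptsShown();
}

// New scheme: the verifier is handed the roots and keeps them in memory.
class Verifier {
 public:
  Verifier(const KeyDB& db, std::vector<Cert> thirdPartyRoots)
      : mDB(db), mThirdPartyRoots(std::move(thirdPartyRoots)) {}
  // Trust query: in-memory third-party roots first, then a read of the DB.
  bool IsTrustAnchor(const Cert& c) const {
    return Contains(mThirdPartyRoots, c) || mDB.IsTrusted(c);
  }

 private:
  const KeyDB& mDB;
  std::vector<Cert> mThirdPartyRoots;
};

int main() {
  std::vector<Cert> roots = {"constructed-root-A", "constructed-root-B"};
  KeyDB db("constructed-password", [] { return PromptResult{true, ""}; });
  int dialogs = ImportRootsIntoDB(roots, db);  // user cancels each dialog
  Verifier verifier(db, roots);                // no DB write, no dialog
  return (dialogs == 2 && verifier.IsTrustAnchor(roots[1])) ? 0 : 1;
}
```

In the model, cancelling leaves the DB locked, so two roots produce two dialogs and neither root ends up trusted; entering the correct password produces one dialog.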

Dana, is that something that we would like to uplift in 66? Thanks

Flags: needinfo?(dkeeler)
Keywords: regression

I'd rather not. There's a workaround for this issue and we would have to uplift bug 1520347 as well.

Flags: needinfo?(dkeeler)
Duplicate of this bug: 1476759
Depends on: 1526007
Regressions: 1578882