Open Bug 1529003 Opened 5 years ago Updated 2 years ago

NSS S/MIME code apparently not threadsafe

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: [cms][smime][thunderbird])

Kai Engert (:KaiE:)

Reporter

Description

•

5 years ago

The top crasher in Thunderbird is a memory corruption in NSS. We crash while destroying a certificate object.

Apparently whenever we crash. we have more than one background thread active that performs S/MIME signature verification.

As an experiment, we serialized the background use of S/MIME verification with a global mutex. Since that change, we no longer see that crash.

I conclude this means that the NSS S/MIME code isn't threadsafe.

(I understand that NSS claims that it's threadsafe, and from past experience, other code related to TLS and cryptography in NSS indeed appears to be safe.)

J.C. Jones [:jcj] (he/him)

Updated

•

5 years ago

Priority: -- → P3

Whiteboard: [cms][smime][thunderbird]

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

NSS S/MIME code apparently not threadsafe

Categories

(NSS :: Libraries, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: [cms][smime][thunderbird])

Crash Data

Security

(public)

User Story

Description

Updated

Updated