Closed Bug 1632054 Opened 5 years ago Closed 5 years ago

Extension not working properly on RPM Linux OS (CentOS/Fedora) but works well on DEB/MacOS and Windows

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
68 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: mosh.werner, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

Downloaded "PKCS11 loader" Extension. (Link - https://addons.mozilla.org/en-US/firefox/addon/pkcs11-module-loader/?src=search)
Restart Firefox.
Went to about:preferences#privacy --> Security Device to see if the PKCS#11 is loaded

Actual results:

The PKCS#11 module was not loaded on all RPM linux OS (CentOS 7x64, CentOS8x64 ,Fedora 30x64 and Fedora 30x86)

The module loaded fine on Ubuntu 18x64, macOS 10.15 and Windows7/10

Expected results:

The PKCS#11 module should have been loaded on CentOS and Fedora as well.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Product: Firefox → WebExtensions

How/why do you think that this is a bug in Firefox code, and not in the extension code itself?

Flags: needinfo?(mosh.werner)

(In reply to Andre Klapper from comment #2)

How/why do you think that this is a bug in Firefox code, and not in the extension code itself?

Why does it work across all other platforms? it works fine on windows, macos and debian based os. that is why...

If there's a way I can produce logs, it would help I assume

Flags: needinfo?(mosh.werner)

Why the add-on (and/or that additional "ID-Software", whatever that is) works across all other platforms is probably a question for the add-on developers, and also how to produce logs. I still don't see a reason why this is an issue in Firefox itself?

Flags: needinfo?(mosh.werner)

(In reply to Andre Klapper from comment #4)

Why the add-on (and/or that additional "ID-Software", whatever that is) works across all other platforms is probably a question for the add-on developers, and also how to produce logs. I still don't see a reason why this is an issue in Firefox itself?

OK well, we don't agree at all, for me it seems like an issue with Firefox, the code is very simple and uses Firefox's own functions.

Flags: needinfo?(mosh.werner)

(In reply to Mosh Werner from comment #5)

(In reply to Andre Klapper from comment #4)

Why the add-on (and/or that additional "ID-Software", whatever that is) works across all other platforms is probably a question for the add-on developers, and also how to produce logs. I still don't see a reason why this is an issue in Firefox itself?

OK well, we don't agree at all, for me it seems like an issue with Firefox, the code is very simple and uses Firefox's own functions.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

Mosh: You are stating that "the code is very simple". I look at https://addons.mozilla.org/en-US/firefox/addon/pkcs11-module-loader/ and cannot find any links to code. Where is the source code located that you looked at?

(In reply to Andre Klapper from comment #7)

Mosh: You are stating that "the code is very simple". I look at https://addons.mozilla.org/en-US/firefox/addon/pkcs11-module-loader/ and cannot find any links to code. Where is the source code located that you looked at?

Hi, I would like to confirm what you say to make sure I don't waste your time.
I can send you the source code but I've looked at the broswer console and the issue is

Security Error: Content at moz-nullprincipal
NS_ERROR_DOM_BAD_URI: Component returned failure code: 0x805303f4 [nsIWebNavigation.loadURI]

This only happens on RPM machines.

Hi, I'm not sure what you mean by "sending the source code"? Are you the extension author? And/or do you imply the extension code is not public?

Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

(In reply to Andre Klapper from comment #9)

Hi, I'm not sure what you mean by "sending the source code"? Are you the extension author? And/or do you imply the extension code is not public?

Must have been a misunderstanding as I thought you implied its not public since you can't see it and I offered my help.

The error seems to be related to security and permissions happening on CentOS/Fedora only.

Well, https://addons.mozilla.org/en-US/firefox/addon/pkcs11-module-loader/ says that it requires that some "ID-Software (including ID-card drivers) must also be installed on computer", and I cannot find a source code link on https://www.id.ee , hence my question to you.

The error seems to be related to security and permissions happening on CentOS/Fedora only.

(Then I'd personally still say that there is no bug in Firefox itself, if that "ID-Card" software has problems interacting with SELinux or whatever...)

The priority flag is not set for this bug.
:mixedpuppy, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mixedpuppy)

@jcj, maybe related to bug 1636100? maybe not, but I'm wondering if this belongs in the same component.

Flags: needinfo?(mixedpuppy) → needinfo?(jjones)

Related, but not directly. Bug 1636100 only affects Windows, and the error messages are different. Also, the regression point is 76.0a1, whereas this bug goes back to at least Firefox 75.

Security Error: Content at moz-nullprincipal
NS_ERROR_DOM_BAD_URI: Component returned failure code: 0x805303f4 [nsIWebNavigation.loadURI]

There's been a lot of improvements to the principal code of late, a moz-nullprincipal looks pretty suspicious to be ending up in an addon-script. Chrisoph has been leading most of the principal improvements -- Christoph, do you have any pointers?

Flags: needinfo?(jjones) → needinfo?(ckerschb)

Hi all, I found out what was the issue.

The PKCS#11 module location differs from Ubuntu based OS and CentOS based OS.
This is regarding the 64bit machines.

While in Ubuntu, the PKCS#11 json file needs to be located at : /usr/lib/mozilla/pkcs11-modules/
On CentOS it should be located at : /usr/lib64/mozilla/pkcs11-modules/

I'm not sure why this is, lib64 will not work for Ubuntu.

(In reply to Mosh Werner from comment #15)

I'm not sure why this is, lib64 will not work for Ubuntu.

I am not sure what that means for this bug.

(In reply to J.C. Jones [:jcj] (he/him) [increased latency due to COVID-19] from comment #14)

There's been a lot of improvements to the principal code of late, a moz-nullprincipal looks pretty suspicious to be ending up in an addon-script. Chrisoph has been leading most of the principal improvements -- Christoph, do you have any pointers?

Regarding the NullPrincipal though, that seems correct to me though. We try to use NullPrincipal for top-level loads wherever possible.

Flags: needinfo?(ckerschb)

Given comment 15, changing component

Component: Untriaged → Security: PSM
Product: WebExtensions → Core

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests#PKCS_11_manifests says the add-on manifest specifies the path to the module. If the add-on is supplying the wrong path, Firefox can't do anything about that - the add-on needs to be fixed.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.