Firefox hangs/freezes if a pkcs11 module is loaded (follow-up to bug 1682881)
Categories
(Core :: Security: PSM, defect)
Tracking
()
People
(Reporter: RyanVM, Unassigned)
References
(Regression)
Details
(Keywords: hang, regression)
This is the follow-up to bug 1682881 where the crashes were addressed. However, users report that there are still hangs persisting even with that fix included. These hangs affect 84-86, further supporting the idea that there's more work needed.
|
||
Comment 1•3 years ago
|
||
:RyanVM, since this bug is a regression, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Uplift of NSS will be tracked in bug 1684262.
|
||
Comment 3•3 years ago
|
||
Should this be closed as duplicate of bug 1682863?
|
Reporter | |
Comment 4•3 years ago
|
||
(In reply to Kevin Jacobs [:kjacobs] from comment #2)
Uplift of NSS will be tracked in bug 1684262.
Fx 84.0.1 is looking stable enough that I think we can let this follow-up work ride 85 at this point. Let me know if you feel strongly otherwise.
|
|
||
Comment 5•3 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM] from comment #4)
(In reply to Kevin Jacobs [:kjacobs] from comment #2)
Uplift of NSS will be tracked in bug 1684262.
Fx 84.0.1 is looking stable enough that I think we can let this follow-up work ride 85 at this point. Let me know if you feel strongly otherwise.
Yes, I'm okay with that.
|
||
Comment 7•3 years ago
|
||
Hi! Hope I'm posting on the right bug report. If not, I apologize in advance.
I confirm that this bug remains in Firefox 84.0.1. The browser hangs completely and consistently (100% of the time) regardless of the webpage I'm trying to access - even if it doesn't require the certificate at all -, if the A3 token is connected to the computer. It doesn't always provide a crash report to submit to you.
I'm using a GD Burti StarSign Crypto token as the A3 Certificate Storage. The library for the PKCS#11 Module is aetplss1.dll and it is loaded directly on Firefox through the Security Devices menu. Following the procedure listed [here] (https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/) and delisting the PKCS#11 module manually installed through the Security Devices menu worked for me.
Finally, considering that I haven't seen the information floating around this bugzilla yet and the plan to postpone solution until the v. 85 release, I would like to point out that several branches of the brazilian Judiciary (both at federal and state levels) have been strongly relying on Firefox to provide access to case files and court proceedings, which have become exclusively digital in recent years. I believe it is important that you know that the ample majority of case files and legal motions in Brazil are accessed and filed exclusively through the web, and also the majority of the court summons and notices are served by manual access to the court's webpage, which is mandatory for lawyers and may result in default if not manually checked within a certain timeframe. See [Brazilian Federal Statute n. 11.419/06] (http://www.planalto.gov.br/ccivil_03/_ato2004-2006/2006/lei/l11419.htm).
I've been a lawyer in Brazil for ten years now, and in my experience, most courts' websites have been designed to work optimally with Firefox only. Some websites lose critical functionality (for instance, the ability to file motions or digitally sign documents) if accessed through any other browser (IE or Chrome included).
Regardless of their poor design choices (reliance on a single web browser), the fact is that this bug has the potential to cause mass disruption of service for these Judiciary branches, specially when they return from judicial vacation, which started on December 20th and will last until January 20th.
If you require further information on this dependancy, I can provide these links as examples (portuguese):
https://projudi.tjgo.jus.br/
https://ppe.tjrs.jus.br/ppe/signin
Hope it helps.
|
|
||
Comment 8•3 years ago
|
||
AIUI these hangs should be fixed with the nss update in 85 and 86.
Description
•