FIPS mode enabled | Crash at startup of new sessions
Categories
(Core :: Security: PSM, defect)
People
(Reporter: lamalbrut, Unassigned)
Attachments
(2 files)
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0
Steps to reproduce:
Reference: in page 'about:crashes': bp-5ca1bd7a-9184-4359-933c-e9ade0211027
To be reproduced:
- Create a new profile, e.g. fips-named.
- In 'about:preferences#home', set an HTTPS URL for the homepage and new windows; no matter whether the TLS version involved is 1.2 or the latest, 1.3; e.g. https://www.mozilla.org/en-US/firefox/.
- Set a primary password; no matter the entropy's strength; e.g. p.
- In Settings → in page 'about:preferences#privacy' → Security devices... → select NSS Internal PKCS #11 Module → click on the <kbd>Enable FIPS</kbd> button → click <kbd>OK</kbd> → click <kbd>OK</kbd>. Who knows what the enabled FIPS specification is? If I had to guess, it would be 140-2.
- In 'about:config', filter the search against "ssl3", then disable non-FIPS TLS cipher suites by setting their boolean values to false; you may know the right selection; I don't.
- Restart your session.
Actual results:
The chronology leads the user to enter the primary password into two interfaces' fields, in this order: firefox_93_primary_password_UI_1.png, firefox_93_primary_password_UI_2.png.
As a result a crash occurs.
Notes: In the next sessions, firefox_93_primary_password_UI_2.png alone is exhibited. At last, since the profile cannot be used, it must be deleted, with all its data, either via the Profile Manager application or a profile whose 'about:profiles' page can be accessed.
Expected results:
That operation to be operational.