Closed Bug 1778540 Opened 9 months ago Closed 8 months ago

Reply window stops responding with mid-screen artifact on Win11 - when using S/MIME + unfriendly smartcard (PKCS#11 security device) that requires unlocking for all operations

Categories

(Thunderbird :: Message Compose Window, defect)

Product:
Thunderbird
Component:
Message Compose Window
Version:
Thunderbird 102
Platform:
x86_64
Windows 11
Type:
defect

Tracking

(thunderbird_esr102 affected, thunderbird103 affected)

Status:
RESOLVED DUPLICATE of bug 1777683
Tracking Flags:
Tracking Status
thunderbird_esr102 --- affected
thunderbird103 --- affected

People

(Reporter: djcatag, Unassigned)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(8 files, 1 obsolete file)

moz_error.jpg
80.35 KB, image/jpeg
Details
error in console
330.35 KB, image/jpeg
Details
Screenshot 1: Permanently reset toolbars and controls
14.39 KB, image/png
Details
console part1
481.75 KB, image/jpeg
Details
console part2
470.30 KB, image/jpeg
Details
token password window
20.57 KB, image/jpeg
Details
message window
90.47 KB, image/jpeg
Details
token
63.93 KB, image/jpeg
Details
Attached image moz_error.jpg

Steps to reproduce:

After updating to 102 version when i try to replay to an email my replay windows freeze

Actual results:

The replay windows does have any text besides email adresses and is blocked. I cannot write in there, i cannot close...nothing, It has same strange UI in the middle and the only way to close it is to use the task manager to kill it

Expected results:

I should have tha posibility to write and send teh replay

OS: Unspecified → Windows 11
Hardware: Unspecified → x86_64
Version: unspecified → Thunderbird 102

"I should have tha posibility to write and send teh replay" i wanted to write "I should have the posibility to write and send the replay", sorry

Attached image error in console

This is what i get in console when i open the replay window

It only works in Trubleshoot mode. If i just disable add-ons nothing happens

Summary: replay crash → Reply window stops responding with mid-screen artifact on Win11

(In reply to djcata from comment #3)

It only works in Trubleshoot mode. If i just disable add-ons nothing happens

I understand you like this:

  • in troubleshoot mode, your problem is not seen
  • but after just disabling add-ons, you are still seeing the problem, right?

I conclude:

  • your problem not caused by add-ons
  • but caused by other custom settings

As a solution, can you please try this:

  • ≡ > Help > Troubleshoot Mode…
  • After restart, in start-up troubleshoot dialogue, please put a checkmark on Reset toolbars and controls
  • Then click Make changes and restart

I think this should fix the problem for you. Please report back here.

(In reply to djcata from comment #2)

Created attachment 9284586 [details]
error in console

This is what i get in console when i open the replay window

Oh, the console error.
Henry, any ideas? Otherwise please forward

Flags: needinfo?(henry)
Blocks: tb102found

(In reply to Thomas D. (:thomas8) from comment #5)

Oh, the console error.
Henry, any ideas? Otherwise please forward

It seems there are a few things going on. I think this is going in and out of C++ code, so the full call stack is not known, but I could piece some of it together.

On loading the message, there is an attempt to do some encryption prompt from bug 1771122. I think this line https://searchfox.org/comm-esr102/rev/89fc36f18b4a67e13ef37d43c4925ab1b2625d69/mail/components/compose/content/MsgComposeCommands.js#3379 It seems it is triggering a password prompt for something, but I'm not sure why. Kai might know.

This somehow throws another error. It seems there are preceding errors in the console cut off in the screenshot, these might give more insight into what this is.

This error then causes another dialog to open https://searchfox.org/comm-esr102/rev/89fc36f18b4a67e13ef37d43c4925ab1b2625d69/mail/components/compose/content/MsgComposeCommands.js#5050 but then this also throws due to bug 1752288. I'm not sure if this dialog was effected by bug 1703164, but bug 1703164 comment 125 explains how bug 1752288 can cause the dialog to not be sized. I'm pretty sure the circled element in the screenshot is a modal dialog.

Flags: needinfo?(henry)

I have a security token that i am using to sign emails and it worked fine until update; could be the dialog from that ? But it only happens on replay, forward or new mail is ok
I will come back with other info.

(In reply to Thomas D. (:thomas8) from comment #4)

Created attachment 9284607 [details]
Screenshot 1: Permanently reset toolbars and controls

(In reply to djcata from comment #3)

It only works in Trubleshoot mode. If i just disable add-ons nothing happens

I understand you like this:

  • in troubleshoot mode, your problem is not seen
  • but after just disabling add-ons, you are still seeing the problem, right?

I conclude:

  • your problem not caused by add-ons
  • but caused by other custom settings

As a solution, can you please try this:

  • ≡ > Help > Troubleshoot Mode…
  • After restart, in start-up troubleshoot dialogue, please put a checkmark on Reset toolbars and controls
  • Then click Make changes and restart

I think this should fix the problem for you. Please report back here.

No, it does not fix the problem. It only works when i am in Troubleshoot Mode or after i send an email. Every time i send an email after some time not using the app it asks me about security token pin (before the 102 version it only asked this if i was going to sign the email, now it asks no matter what). So, if i first send or forward an email and i put the security token pin, i can replay to messages, but if the first email is a replay i get into the problem that i described.
I hope we can solve this problem.

(In reply to Henry Wilkes (they/them) [:henry] from comment #6)

On loading the message, there is an attempt to do some encryption prompt from bug 1771122. I think this line https://searchfox.org/comm-esr102/rev/89fc36f18b4a67e13ef37d43c4925ab1b2625d69/mail/components/compose/content/MsgComposeCommands.js#3379 It seems it is triggering a password prompt for something, but I'm not sure why. Kai might know.

This somehow throws another error. It seems there are preceding errors in the console cut off in the screenshot, these might give more insight into what this is.

Kai might be able to understand the origin of the security token prompt.

@djcata sharing the missing console message might help. NOTE: you can right click the console message to open a context menu and select "Copy all Messages" or "Save all Messages to File" to just extract the text. Double check if there is any personal information in the messages and remove or replaces these parts (likely none, but just to be sure). You can share the result here as an attachment.

Flags: needinfo?(kaie)
Attached image console part1
Attached image console part2

I attached the 2 parts of the console errors. That is what i get when i try to replaya message. The last error from the part2 console picture, "Toolbox is null" happens when i am trying to open a context menu and select "Copy all Messages" or "Save all Messages to File" .

Attached image token password window

This is the windows that should appear when it asks me the token password (i deleted the token name from the picture)

Attached image message window

This is how the message window looks like. Before the update to 102 version the Encrypt button and message did not exist so i think they are responsible for token password ask eveen if i do not intend to sign or encrypt the message.
The strange part is that happens only on replay message

(In reply to Henry Wilkes (they/them) [:henry] from comment #9)

Kai might be able to understand the origin of the security token prompt.

I think I know what's going on.

The user has a smartcard (PKCS#11 security device) configured.

If S/MIME is configured, when checking whether we can encrypt a message, we need to query the list of available certificates. This includes looking at the certificates that are stored on smartcards.

Some smartcards are "friendly", they allow reading the public certificates at any time.
Some smartcards are "unfriendly", they require the smartcard to be unlocked for any kind of operation.

It seems the user has an unfriendly smartcard, and checking for certificates therefore prompts the user to unlock it.

IIUC this code path triggers a lockup, that's unfortunate.

I would like to know if the fix from bug 1777683 is helping in any way. Without that fix, we'd trigger the check (and the prompt) in the middle of bringing up the composer window.

If that doesn't fix the lockup, we'd have to ensure that we don't trigger the S/MIME check while we are executing other actions on the UI thread, because the prompt for the smartcard pin maybe be blocking the UI thread. Might it work if we post an event to trigger the check?

I'm suggesting the following actions:

  • provide a test binary with the fix from bug 1777683 and ask for testing if it helps the situation.
    (it will trigger a prompt to unlock, but hopefully it will no longer lockup)

  • if the prompt is undesirable, we'd need a way to prevent the check.
    One way could be a pref to disable the "can encrypt this message" check,
    maybe separate prefs for S/MIME and OpenPGP.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(kaie)

djcatag: Are you comfortable testing an experimental build?
It will be a build based on Thunderbird 102.0.2, so it will only have minor fixes on top of the regular 102.0.2 version.

I've started the build, but it will take 1-2 hours until it's ready.

Once you download and start it, please repeat your prior workflow, and report if the lockup issue is still there.
(It potentially might be gone, because of the fix for bug 1777336 that the experimental build will include, but I don't have a way to test your scenario.)

Only afterwards, if you still experience the lockup issue, please open Thunderbird settings, find the Config Editor, paste the text mail.smime.remind_encryption_possible, and you should see an additional line with the text "true". Double-click the word "true", and it should change to false. Restart Thunderbird, then try again. (Only the experimental build will support the mail.smime.remind_encryption_possible configuration.)

Keywords: regression
Regressed by: 1771122

I understand you're working on Windows 64bit.
The promised test binary is available for download here:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/ZC1vi9XVRH6NOn6Ka-otmQ/runs/0/artifacts/public/build/target.zip

The easiest way to use it is:

  • close all Thunderbird windows
  • download the file and extract it to a new folder somewhere
  • open the folder, find the thunderbird application inside it, and double click to start it
Flags: needinfo?(djcatag)

For reference purposes, here is the link to the build, which shows the included the patches, and has binaries for other platforms are available, too (click the green B then click artifacts):
https://treeherder.mozilla.org/jobs?repo=try-comm-central&revision=69f4fa878fc8402a569e305a5ab904ab63a5199b&selectedTaskRun=ZC1vi9XVRH6NOn6Ka-otmQ.0

(In reply to Kai Engert (:KaiE:) from comment #18)

I understand you're working on Windows 64bit.
The promised test binary is available for download here:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/ZC1vi9XVRH6NOn6Ka-otmQ/runs/0/artifacts/public/build/target.zip

I notice there are also "signed" builds, maybe you require that one, windows 64bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/XTaKXvSaSZC_mE-MYGJkSA/runs/0/artifacts/public/build/target.zip

(In reply to Kai Engert (:KaiE:) from comment #18)

I understand you're working on Windows 64bit.
The promised test binary is available for download here:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/ZC1vi9XVRH6NOn6Ka-otmQ/runs/0/artifacts/public/build/target.zip

The easiest way to use it is:

  • close all Thunderbird windows
  • download the file and extract it to a new folder somewhere
  • open the folder, find the thunderbird application inside it, and double click to start it

OK, i will try it.

Flags: needinfo?(djcatag)

(In reply to Kai Engert (:KaiE:) from comment #20)

(In reply to Kai Engert (:KaiE:) from comment #18)

I understand you're working on Windows 64bit.
The promised test binary is available for download here:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/ZC1vi9XVRH6NOn6Ka-otmQ/runs/0/artifacts/public/build/target.zip

I notice there are also "signed" builds, maybe you require that one, windows 64bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/XTaKXvSaSZC_mE-MYGJkSA/runs/0/artifacts/public/build/target.zip

OK. So i tried the signed build and it looks that it is working fine and i do not have that problem anymore. In this buil when i do a replay i get the token password input, not the crappy window that i had before. So i am waiting for this new version :)

djcata:

Simply using this build was sufficient?

You didn't modify the preferences, correct?

Flags: needinfo?(djcatag)

Ye, only using the build, i did not change anything else. Just configured my email account and add the security token.
I did not test it very much because i needed to configure my account in it otherwise the token do not work (it is tied to my email account); but because i did not realized that from the beginning i did not configured my accout completely so i cannot use it instead of my main Thunderbird installation. But i did some tests and i did not get any error.
I will try to do more tests.

Flags: needinfo?(djcatag)
Attached image token

This is the token that i have, if it can help you to test.

(In reply to Kai Engert (:KaiE:) from comment #15)

(In reply to Henry Wilkes (they/them) [:henry] from comment #9)

Kai might be able to understand the origin of the security token prompt.

I think I know what's going on.

The user has a smartcard (PKCS#11 security device) configured.

If S/MIME is configured, when checking whether we can encrypt a message, we need to query the list of available certificates. This includes looking at the certificates that are stored on smartcards.

Some smartcards are "friendly", they allow reading the public certificates at any time.
Some smartcards are "unfriendly", they require the smartcard to be unlocked for any kind of operation.

It seems the user has an unfriendly smartcard, and checking for certificates therefore prompts the user to unlock it.

IIUC this code path triggers a lockup, that's unfortunate.

I would like to know if the fix from bug 1777683 is helping in any way. Without that fix, we'd trigger the check (and the prompt) in the middle of bringing up the composer window.

If that doesn't fix the lockup, we'd have to ensure that we don't trigger the S/MIME check while we are executing other actions on the UI thread, because the prompt for the smartcard pin maybe be blocking the UI thread. Might it work if we post an event to trigger the check?

I'm suggesting the following actions:

  • provide a test binary with the fix from bug 1777683 and ask for testing if it helps the situation.
    (it will trigger a prompt to unlock, but hopefully it will no longer lockup)

  • if the prompt is undesirable, we'd need a way to prevent the check.
    One way could be a pref to disable the "can encrypt this message" check,
    maybe separate prefs for S/MIME and OpenPGP.

I think it is exactly how you described here. Wouldn't be better to not trigger the promt to unlock unless the user choose to encrypt or sign the email ? Or to trigger that promt when user send the message, like it was in previous versions ? For example now if i write a new message after i write an email address automatically i get the promt to unlock even if i will not sign or encrypt the email.

(In reply to djcata from comment #26)

I think it is exactly how you described here. Wouldn't be better to not trigger the promt to unlock unless the user choose to encrypt or sign the email ? Or to trigger that promt when user send the message, like it was in previous versions ? For example now if i write a new message after i write an email address automatically i get the promt to unlock even if i will not sign or encrypt the email.

I cannot control whether you are prompted or not.

Thunderbird simply attempts to look at the certificates you have (for recipients and yourself).

If you get a prompt for unlocking your smartcard at the time you reply to a message, then your smartcard is "unfriendly", and require it be unlocked, even if we just want to look at the certs you have, even if we're not signing yet.

If the "prompt to unlock on reply" bothers you, then we could introduce a new preference (configuration), that disables the check in the composer window. You'd no longer get prompted on reply. However, Thunderbird also wouldn't remind you if encryption is possible (if you have encryption turned off for the message).

The "prompt to unlock on reply" does not bothers me. I just though that would be better like that, but is not something manadatory if it works ok the promt. A configuration that disables/enables the check is always welcome. I do not understand why do i need this "Thunderbird also wouldn't remind you if encryption is possible"; i do not need him to remind me, if i want to encrypt or sign i push that button (or menu). In 99% of my time i only sign, not encrypt. I am sure that are people that want this so the best way i think is to be configurable.
In the end i am pleased if it works and does not block the app, the rest are details.

Summary: Reply window stops responding with mid-screen artifact on Win11 → Reply window stops responding with mid-screen artifact on Win11 - when using S/MIME + unfriendly smartcard (PKCS#11 security device) that requires unlocking for all operations

Ok. So let's hope that this bug is really fixed for everyone by applying the patch from bug 1777683. That's our current understanding, and therefore I'm resolving this as a duplicate. Please comment again if you're using 102.0.3 (which will likely have that fix) and you still get this problem.

Nevertheless, the additional patch I've attached here might still make sense for some users. Either for experimenting, or because checking for S/MIME recipients is slow. I'll move the patch to a separate bug, for better tracking.

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → DUPLICATE
See Also: → 1779838

Comment on attachment 9285336 [details]
WIP: Bug 1778540 - Add prefs to disable the "can encrypt this email" reminder.

Revision D151735 was moved to bug 1779838. Setting attachment 9285336 [details] to obsolete.

Attachment #9285336 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.