Crash in Athena Smartcard Solutions' asepkcs.dll module
Categories
(External Software Affecting Firefox :: Other, defect, P3)
Tracking
(Not tracked)
People
(Reporter: gsvelto, Unassigned)
Details
(Keywords: crash)
Crash Data
Crash report: https://crash-stats.mozilla.org/report/index/9c9285c5-6371-4dfc-a161-486370230929
Reason: EXCEPTION_ACCESS_VIOLATION_READ
Top 5 frames of crashing thread:
0 ? (unloaded asepkcs.dll@0x6d150)
1 user32.dll UserCallWinProcCheckWow
2 user32.dll DispatchClientMessage
3 user32.dll __fnINDEVICECHANGE
4 ntdll.dll KiUserCallbackDispatcher
This affects Thunderbird disproportionately more than it affects Firefox (the volume is 10x there). Affected users seem to be mostly from the IT-it locale and are using smartcard readers from the Athena Smartcard Solutions. A quick search for the affected module turns out several Italian institutional pages distributing the smartcard driver, including instructions to make it work with Firefox:
- https://www.regione.toscana.it/servizi-online/servizi-sicuri/carta-sanitaria-elettronica/guida-all-uso
- https://www.pec.it/gestione-supporto-firma-digitale.aspx
- https://www.partnerdata.it/athena-smartcard-driver-download/
I couldn't find the vendor page though.
|
||
Comment 1•7 months ago
•
|
||
Athena Smartcard Solutions is apparently now part of NXP. Anyway, this DLL seems intended for use as a security device module in Firefox as described here. The crashes look as if the DLL starts its own thread in our process as part of its (DllMain?) execution, but later the DLL gets unloaded (presumably by us?) and that thread is still running, hence the thread crashes when it reaches an address from the unloaded DLL. One user comment mentions crashing upon removing a USB device but the other comments seem less directly related (e.g. opening a PDF).
This kind of DLLs seem stored in the PKCS11ModuleDB. [:keeler], can you clarify under which circumstances these DLLs get loaded and unloaded normally? Is it expected that they can start their own threads?
Users can manually add and remove them using the device manager in about:preferences (under Security Devices...). Some users install add-ons that can add or remove these modules, as well. A properly-written module would stop any threads upon being unloaded, but these modules often have bugs. Users generally shouldn't need to load these modules at all - the osclientcerts module provides almost all of the functionality provided by them. Users also generally shouldn't need to unload them once they're loaded.
|
||
Updated•7 months ago
|
|
|
||
Comment 3•7 months ago
•
|
||
Athena is at least the supplier of smart card modules for the Italian Regional Health Card system and there has been instances in the past where some versions of the driver that got installed when branching the device or served from Italian official websites would crash Thunderbird, even when the card was not being used (bug 1463153, bug 1560052). From the discussions there, I am unable to tell if what we are seeing here is the continuation of a very old, never solved issue or something new.
Edit: Looking at the signatures and discussions more closely, this really looks like bug 1560052 actually.
|
||
Comment 4•7 months ago
|
||
I just became aware of this crash. It ranks in top 5 for Thunderbird 115.3.3. But the average reporter crashes 3-4 times, so I say this scope of Thunderbird population affected is quite limited, as you might expect.
Yannis is correct in everything stated in comment 3. I was the point person so to speak in both bug reports. bug 1560052 was in 2020. My guess is the problem and solution will be the same in this most current example. So look toward blocklisting it.
|
|
||
Comment 5•7 months ago
|
||
I have some software contacts who might still be active, if we need to reach out.
Description
•