Firefox crashes after clicking `Create a passkey` in Google Account > Security > Passkeys
Categories
(Core :: DOM: Web Authentication, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox123 | --- | disabled |
| firefox124 | --- | disabled |
| firefox125 | --- | fixed |
People
(Reporter: mozillabz, Assigned: jschanck)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
Steps to reproduce:
macOS 13.6.5
Firefox 125.0a1 (2024-03-10) (64-bit)
- login on google.com
- open Security > Passkeys and security keys
- click Create a passkey
To test this, in about:config I switched security.webauthn.webauthn_enable_android_fido2.residentkey to true.
On https://webauthn.io/ when entering a random username and clicking Register Firefox crashed:
bp-5d6f3065-e2f8-45c5-903b-aaded0240310
Probably fair to say that passkey implementation currently is not functional in regards to creation of passkeys.
Hope this can be looked into and resolved 🤕
Actual results:
Firefox crashed. This seems 100 % reproducible. Here are three Report IDs:
bp-a03f10ba-8669-4720-b5a7-5c74d0240310
bp-662e6844-b549-4701-94d3-6c3380240310
bp-6c647aa9-50ab-4986-8a9c-d68a10240310
Expected results:
No Crash, instead a passkey should have been created.
|
||
Comment 1•2 months ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Web Authentication' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Creating a passkey on google.com in Safari did not crash and I got to the step where Safari is informing about enabling iCloud Keychain, which I am not using. When then clicking "ok" I land on the same error where Firefox sometimes lands when not crashing:
Something went wrong
Picture of a broken pen
We weren’t able to save your changes. Return to your account settings and try again.
Likely related: https://bugzilla.mozilla.org/show_bug.cgi?id=1868958
Due to the lack of browser based API, apparently having iCloudKeychain enabled is a hard requirement to generate passkeys on macOS. Wasn't sure about that and thought Apple had done a more thorough implementation, hope they'll still deliver on that.
Followed https://support.apple.com/guide/mac-help/set-icloud-keychain-autofill-information-mac-mh43699/13.0/mac/13.0 to activate iCloudKeychain.
The good news: Firefox no longer crashes when clicking Create a passkey. So one thing to do, would be to show the macOS (or custom) dialog informing users about the iCloud Keychain requirement instead of crashing when iCloud Keychain is not actively used.
And then I am still not sure what's going wrong, even with iCloud Keychain enabled, that the error "Something went wrong - We weren’t able to save your changes. Return to your account settings and try again." is shown.
This feels like two separate problems.
On https://webauthn.io/ even with iCloud Keychain enabled the first click on "Register" resulted in an instant crash which is reproducible:
bp-e4ff660e-8325-4a04-8915-22e5a0240310
bp-76429b6e-ef91-4653-948d-0338e0240310
When it does not crash a click on Register does nothing visible.
Console says:
Conditional UI error: NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
r https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
startAuthentication https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
startAuthentication https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
s https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
s https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
s https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
promise callbackc https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
a https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
promise callbackc https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
n https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
n https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
startAuthentication https://webauthn.io/static/js/simplewebauthn-browser.8.2.1.umd.min.js:2
_startAuthentication https://webauthn.io/:647
init https://webauthn.io/:425
promise callbackinit https://webauthn.io/:421
fn https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
k https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
<anonymous> https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
D https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
r https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
n https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
tr https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
w https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
sr https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
sr https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
<anonymous> https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
VoidFunction https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
<anonymous> https://webauthn.io/static/js/alpinejs-3.10.2.min.js:5
Caused by: DOMException: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
"The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission." is interesting. Which permission are we talking about? And were would I enabled that permission?
Sorry, spoke too soon. Crashes when clicking "Create a passkey" on google.com are also persisting:
bp-338de066-efd5-4b47-9fa0-f2dac0240310
bp-6fed6fc3-4b94-44a2-8872-514270240310
|
||
Comment 6•2 months ago
•
|
||
Crash report: https://crash-stats.mozilla.org/report/index/a03f10ba-8669-4720-b5a7-5c74d0240310
MOZ_CRASH Reason: MozPromise::ThenValue created from 'RecvRequestRegister' destroyed without being either disconnected, resolved, or rejected (dispatchRv: not dispatched)
Top 10 frames of crashing thread:
0 XUL MOZ_Crash mfbt/Assertions.h:301
0 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::ThenValueBase::AssertIsDead xpcom/threads/MozPromise.h:525
1 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::AssertIsDead xpcom/threads/MozPromise.h:1117
2 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::~MozPromise xpcom/threads/MozPromise.h:1160
3 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private::~Private xpcom/threads/MozPromise.h:255
3 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private::~Private xpcom/threads/MozPromise.h:255
3 XUL mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private::~Private xpcom/threads/MozPromise.h:255
4 XUL mozilla::MozPromiseRefcountable::Release xpcom/threads/MozPromise.h:150
4 XUL mozilla::RefPtrTraits<mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private>::Release mfbt/RefPtr.h:49
4 XUL RefPtr<mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private>::ConstRemovingRefPtrTraits<mozilla::MozPromise<RefPtr<nsIWebAuthnRegisterResult>, nsresult, true>::Private>::Release mfbt/RefPtr.h:409
All the crashes appear to be in Nightly and Early Beta.
|
|
||
Comment 7•2 months ago
|
||
The bug has a crash signature, thus the bug will be considered confirmed.
|
Assignee | |
Comment 8•2 months ago
|
||
|
|
Assignee | |
Updated•2 months ago
|
|
|
Assignee | |
Updated•2 months ago
|
|
||
Updated•2 months ago
|
|
||
Comment 9•2 months ago
|
||
All the crashes appear to be in Nightly and Early Beta.
The crash is a diagnostic assert, which are only enabled in nightly and early beta.
|
||
Comment 10•2 months ago
|
||
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7c2abade08a4 avoid dropping pending promise in MacOSWebAuthnService. r=dveditz
|
||
Comment 11•2 months ago
|
||
| bugherder | ||
|
Reporter | |
Comment 12•2 months ago
|
||
Thanks a lot for resolving this issue so quickly, great work and much appreciated.
Trying to verify the fix in 125.0a1 (2024-03-15) (64-bit) (just updated)
On google.com
Tried "+ Create a passkey > Create a passkey" and "+ Create a passkey > Use another device". Both operations result in error "Something went wrong - We weren’t able to save your changes. Return to your account settings and try again."
Console says:
Uncaught (in promise) DOMException: The operation was aborted.
VERY_LONG_STRING_HERE:1204
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://play.google.com/log?format=json&hasfast=true&authuser=0. (Reason: CORS request did not succeed). Status code: (null).
On webauthn.io
When entering a username and clicking "Register" nothing happens. Console says:
Conditional UI error: NotAllowedError: The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
This may already sufficiently verify the fix since in none of the tests Firefox crashed and that is what the bug here is about. Do we need a separate issue about the remaining registration issue? Do you think the ongoing trouble on webauthn.io and google.com is the same problem or would those be separate issues?
|
|
Assignee | |
Comment 13•2 months ago
|
||
Let's use this bug for the crash and consider the fix verified.
There's definitely a separate issue here. We were never able to reproduce the crash you reported, so I suspect it affects a narrow range of macOS versions. I'll have access to a macOS 13.6.5 machine later today. I'll open a new bug and link it here if I'm able to reproduce the issue.
|
|
Assignee | |
Comment 14•1 month ago
|
||
I filed Bug 1886247. However, we've also determined that the issue is not on our end. We're expecting a fix from Apple soon.
Description
•