Closed Bug 335436 Opened 19 years ago Closed 11 years ago

Upgrade to NetSign CAC 5.5 crashes FireFox

Categories

(NSS :: Libraries, defect)

3.11
x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: rex.peralta, Unassigned)

Details

(Keywords: crash)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 After an upgrade from NetSign CAC 4.2 to NetSign CAC 5.5, FireFox crashes. I am using FireFox version 1.5.0.2. The error that comes up is: firefox.exe - Application Error The instruction at "0x00000100" referenced memory at "0x00000100". The memory could not be "read". It looks like the latest version of the core32.dll does not agree with FireFox. After uninstalling, then reinstalling FireFox, it no longer crashes. Once NetSign is added as a PKCS#11 device, FireFox crashes. Functionality can be restored by reverting to a known good copy of the profile folder (%APPDATA%\Mozilla). Reproducible: Always Steps to Reproduce: Upgrade from a working FireFox/NetSign CAC 4.2 install to NetSign CAC 5.5 or Add NetSign CAC 5.5 as a PKCS#11 device 1. Go to Tools->Options. 2. Go to Advanced->Security->Security Devices. 3. In the Device Manager window, click Load. 4. In Load PKCS#11 Device window, fill out the following fields: Module Name: NetSign Module filename: C:\Windows\System32\core32.dll 5. Click OK. 6. Click OK to Confirm adding the device. Note: The above procedure works with no issues under FireFox (1.x - 1.5.0.2) and NetSign CAC 4.2. Actual Results: FireFox crashes with the following error: firefox.exe - Application Error The instruction at "0x00000100" referenced memory at "0x00000100". The memory could not be "read". Expected Results: Device gets added successfully and I am able to log onto CAC-enabled websites. NetSign CAC is the middleware used to enable use of the DoD CAC (Common Access Card) Smart Card for website logon, digital signatures, encryption, etc.
Assignee: nobody → kengert
Component: OS Integration → Security: PSM
Product: Firefox → Core
QA Contact: os.integration
Version: unspecified → Other Branch
I've successfully loaded the core32.dll under Netscape 8.1. I'm not sure what the underlying PSM version is.
Assignee: kengert → nobody
Component: Security: PSM → Libraries
Keywords: crash
Product: Core → NSS
QA Contact: libraries
Version: Other Branch → 3.11
It shounds like the crashing module is not NSS/Firefox, but the third party pkcs#11 provider. Did Netsign verify their software works in your configuration?
(In reply to comment #2) > It shounds like the crashing module is not NSS/Firefox, but the third party > pkcs#11 provider. > > Did Netsign verify their software works in your configuration? > No, they did not. Netscape 7.2 is the latest non-IE browser listed on the compatibility list. I have filed a support request with them via their web site, but being a regular Army user, I'm not sure what support I'm entitled to.
Netsign CAC 5.5.129 is the latest. 4.2.128 (patch e), 5.5.71, 5.5.128 and 128 all worked with Firefox 1.08. I do not have 1.08 and would like to get to test, can't find anywhere on the sites. Where can I get. A number of user where using 5.5.x with 1.08 and no issue's reported until updated to 1.5 and began to fail as described below. Don't believe Core32.dll was changed in 4.2.128 (patch e - unofficial) 5.5.71 to support Cisco VPN but still met the PKCS#11 for DoD CAC middleware and still worked with Firefox 1.08 as reported. Where can I download 1.08 and other versions so I can test. If the vendor decides to test, they will also need this. Without a fix, our will be forced to use IE or go back to Netscape 7.2. I may be able to get more detail about the core32 but what changed between 1.08 and 1.5? We still have a maintance contract through sept.
this seems promising: http://www.mozilla.com/products/download.html?product=firefox-1.0.8&os=win&lang=en-US note that i invented the url, so you should be able to change the bits or pieces if you want some other strange variant.
(In reply to comment #4) > We still have a maintance contract through sept. with whom?
So NetSign CAC 4.2 works, but NetSign CAC 5.5 does not? and only on FF 1.5.* We should verify that CAC 5.5 either 1) exports a PKCS 2.01 interface (claims 2.01), or 2) that it correctly implements C_WaitForSlotEvent. The C_WaitForSlotEvent call is the major change in FF 1.5 that is likely to trip over this problem PKCS #11 modules prior to 2.02 did not have this inteface, but any pkcs #11 module which claims to implement pkcs #11 2.02 and above needs to at least have this interface defined (it's ok to return CKR_FUNCTION_NOT_SUPPORTED). There was a in the FF 1.5 Beta where NSS was not checking the version number of the PKCS #11 module and calling the C_WaitForSlotEvent even on 2.01 modules. This produced the same sort of crash. Given the symptoms, my guess is 5.5 is now claiming to be a >2.01 module but did not add an implementatin for C_WaitForSlotEvent. Do we have a contact in SafLink I can talk to? bob
(In reply to Kai Engert (:kaie) from comment #2) > It shounds like the crashing module is not NSS/Firefox, but the third party > pkcs#11 provider. > > Did Netsign verify their software works in your configuration? rex's address is no longer valid. => Invalid based on comment 2
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.