bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Software Security Device requests master password at startup (after adding a certificate)




10 years ago
9 years ago


(Reporter: Scott Martin, Unassigned)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [needs reproducing, maybe needs clearer steps to repro])



10 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5

I obtained a Thawte email certificate following the steps at http://www.thawte.com/secure-email/personal-email-certificates/ . Since then, if I have a master password set, the/a(?) Software Security Device requests it to be entered every time Firefox is started.

Reproducible: Always

Steps to Reproduce:
1. Install a certificate.
2. Set a master password.
3. Start Firefox.
Actual Results:  
Master password is requested.

Expected Results:  
Normal startup.
Did you have a master password set before? I can't think of any password requests that would be triggered by adding a certificate. Does your home page have a password field on it?

Comment 2

10 years ago
No, I didn't have one, and no, it doesn't. I'm not sure there's a direct connection to the certificate, but I'd never heard of the SSD before the installation.

Comment 3

10 years ago
I have MANY certificates in my Firefox (but none issued by Thawte). I am NEVER requested a master pwd on startup unless I start with a page that requires a password to be entered.

Have you tried to have a different certificate in FF and not to have a Thawte one (though it shouldn't make any difference)?

What exactly is your homepage? Try setting it to about:blank. May be it does not have a password field, but somehow tries to establish secure communication thus causing FF to try to use the SSD.
I also see this problem since upgrading to Thunderbird 3. I have an S/MIME email certificate. Thunderbird 2 asked me for the password to unlock the use of it when I attempted to send S/MIME email. Thunderbird 3 beta now asks for it on every start-up. This is most irritating, because I rarely send S/MIME email, and so normally wasn't bothered by this dialog.

Is this the same bug, or a Thunderbird-specific one?

Ever confirmed: true

Comment 5

9 years ago
Gerv, I don't think a confirmation of a similar bug in Thunderbird counts for a bug filed in Firefox :)
Ever confirmed: false
Summary: Software Security Device requests master password at startup → Software Security Device requests master password at startup (after adding a certificate)
Whiteboard: [needs reproducing, maybe needs clearer steps to repro]
Er... OK, but why is the original reporter installing a Thawte email certificate in Firefox? What's he trying to do with it?


Comment 7

9 years ago
I am still subscribed to this, you know, no need for the third person. Do you enjoy clogging up bug discussions?


Anyway, I no longer have the use case that led to this report being filed, so I can't add any further details or confirm for a more recent Firefox version.
Earle: sorry :-) And I love that website.

I've got a Thawte email cert, too, and I'm only asked for my master password when one of my saved tabs includes a site for which I've saved a password. If your home page was an SSL site that speculatively requests client authentication you might get this behavior, too.

Gerv: Thunderbird asks me for my master password the first action that touches something with a saved password. Long before it needs to unlock my S/MIME cert it's already asked for the password to unlock the IMAP account so I could read the mail to which I later want to reply. Is your Thunderbird account set to get mail at launch and wasn't back when you used Tbird2?

Given comment 7 I think we've got to close this one until we find someone who can reproduce it.
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.