Security dialog comes up at inappropriate times

VERIFIED FIXED in M18

Status

()

P3
normal
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: morse, Assigned: ddrinan0264)

Tracking

({relnote})

Trunk
x86
Windows NT
relnote
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [nsbeta2-][HELP WANTED][nsbeta3+])

Attachments

(2 attachments)

(Reporter)

Description

19 years ago
When creating or changing the Personal Security Password, you get the security 
alert saying that you are submitting a form to an insecure site.  But you are 
not submitting it to any site -- you are merely clicking on OK to a 
browser-generated form.  It's inappropriate (and misleading) to get the alert at 
this time.

Here's the stack-trace (no surprises) at the time the dialog appears:

nsXULWindow::ShowModal(nsXULWindow * const 0x040e2140) line 227 + 31 bytes
nsWebShellWindow::ShowModal(nsWebShellWindow * const 0x040e2140) line 1097
nsChromeTreeOwner::ShowModal(nsChromeTreeOwner * const 0x040e54c0) line 182
GlobalWindowImpl::OpenInternal(GlobalWindowImpl * const 0x03de4f20, JSContext * 
0x03de4d30, long * 0x0370e070, unsigned int 4, int 1, nsIDOMWindow * * 
0x0012deb0) line 2870
GlobalWindowImpl::OpenDialog(GlobalWindowImpl * const 0x03de4f24, JSContext * 
0x03de4d30, long * 0x0370e070, unsigned int 4, nsIDOMWindow * * 0x0012deb0) line 
1758
nsCommonDialogs::DoDialog(nsCommonDialogs * const 0x02407f20, nsIDOMWindow * 
0x03de4f24, nsIDialogParamBlock * 0x040e1040, const char * 0x01086678) line 453 
+ 29 bytes
nsCommonDialogs::ConfirmCheck(nsCommonDialogs * const 0x02407f20, nsIDOMWindow * 
0x03de4f24, const unsigned short * 0x0012e320, const unsigned short * 
0x040e2940, const unsigned short * 0x0012e288, int * 0x0012e1d4, int * 
0x0012e3ec) line 160 + 27 bytes
nsSecureBrowserUIImpl::CheckPost(nsIURI * 0x040e15b0, int * 0x0012e3ec) line 642
nsSecureBrowserUIImpl::Notify(nsSecureBrowserUIImpl * const 0x03e8e4a8, 
nsIContent * 0x03f0e1dc, nsIDOMWindow * 0x03aa4db4, nsIURI * 0x040e15b0) line 
265 + 19 bytes
nsFormFrame::OnSubmit(nsFormFrame * const 0x03742c5c, nsIPresContext * 
0x03aa1110, nsIFrame * 0x00000000) line 843 + 63 bytes
nsHTMLFormElement::Submit(nsHTMLFormElement * const 0x03f0e1d0) line 305 + 23 
bytes
HTMLFormElementSubmit(JSContext * 0x03aa4bc0, JSObject * 0x036cfb40, unsigned 
int 0, long * 0x03720d5c, long * 0x0012e960) line 408 + 15 bytes
js_Invoke(JSContext * 0x03aa4bc0, unsigned int 0, unsigned int 0) line 716 + 23 
bytes
js_Interpret(JSContext * 0x03aa4bc0, long * 0x0012f318) line 2520 + 15 bytes
js_Execute(JSContext * 0x03aa4bc0, JSObject * 0x036ce0f0, JSScript * 0x040f01b0, 
JSFunction * 0x00000000, JSStackFrame * 0x00000000, unsigned int 0, long * 
0x0012f318) line 887 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x03aa4bc0, JSObject * 0x036ce0f0, 
JSPrincipals * 0x04088ad0, const unsigned short * 0x0012f3d4, unsigned int 11, 
const char * 0x040154e0, unsigned int 29, long * 0x0012f318) line 2768 + 27 
bytes
nsJSContext::EvaluateString(nsJSContext * const 0x03aa4d50, const nsString & 
{"submitif();"}, void * 0x036ce0f0, nsIPrincipal * 0x04088acc, const char * 
0x040154e0, unsigned int 29, const char * 0x0030c468, nsString & {""}, int * 
0x0012f3b8) line 525 + 55 bytes
GlobalWindowImpl::RunTimeout(nsTimeoutImpl * 0x04015590) line 3561 + 97 bytes
nsGlobalWindow_RunTimeout(nsITimer * 0x04015480, void * 0x04015590) line 3826 + 
15 bytes
nsTimer::Fire() line 194 + 17 bytes
nsTimerManager::FireNextReadyTimer(nsTimerManager * const 0x011365d0, unsigned 
int 0) line 117
nsAppShell::GetNativeEvent(nsAppShell * const 0x03ffff40, int & 1, void * & 
0x013e1d88 msg) line 164
nsXULWindow::ShowModal(nsXULWindow * const 0x03b33ae0) line 227 + 31 bytes
nsWebShellWindow::ShowModal(nsWebShellWindow * const 0x03b33ae0) line 1097
nsContentTreeOwner::ShowModal(nsContentTreeOwner * const 0x03de0830) line 184
GlobalWindowImpl::OpenInternal(GlobalWindowImpl * const 0x00d411f0, JSContext * 
0x00d425f0, long * 0x00f3cdc4, unsigned int 3, int 0, nsIDOMWindow * * 
0x0012fa74) line 2870
GlobalWindowImpl::Open(GlobalWindowImpl * const 0x00d411f4, JSContext * 
0x00d425f0, long * 0x00f3cdc4, unsigned int 3, nsIDOMWindow * * 0x0012fa74) line 
1750
nsPSMUIHandlerImpl::DisplayURI(nsPSMUIHandlerImpl * const 0x03b363b0, int 500, 
int 450, int 1, const char * 0x03b31af0) line 104
XPTC_InvokeByIndex(nsISupports * 0x03b363b0, unsigned int 3, unsigned int 4, 
nsXPTCVariant * 0x03b333d0) line 139
EventHandler(PLEvent * 0x03b31530) line 489 + 41 bytes
PL_HandleEvent(PLEvent * 0x03b31530) line 575 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x010ea0c0) line 520 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x140c067a, unsigned int 49420, unsigned int 0, 
long 17735872) line 1032 + 9 bytes
USER32! 77e71268()
010ea0c0()

Comment 1

19 years ago
Eric, this probably isn't yours, but maybe you know who to get it to.
Assignee: rods → pollmann

Comment 2

19 years ago
This is already reported as bug 39518.  Thanks!

*** This bug has been marked as a duplicate of 39518 ***
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → DUPLICATE
(Reporter)

Comment 3

19 years ago
No, this is not a dup of bug 39518.  That bug has to do with the checkbox to 
disable the dialog in the future.  This bug has to do with the box coming up in 
the first place.  We should never get this dialog when telling the browser that 
you want to change your master password.  This has nothing to do with 
transmitting data to a site -- it's totally a privilegded communication between 
the user and the browser.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

Comment 4

19 years ago
Oops, yes - definitely two separate issues!

Comment 5

19 years ago
Steve, can you walk me though: "creating or changing the Personal Security 
Password"?  I tried:

Tasks->Privacy and Security->Password Manager->Change Master Password...

This resulted in psm.exe crashing.  Am I doing the wrong thing?
(Reporter)

Comment 6

19 years ago
You are doing the right thing.  That's exactly what I do to get the dialog.  Are 
you sure you have a good installation of psm?
(Reporter)

Comment 7

19 years ago
Are you sure it crashed or did it simply assert?  Yes, there are many assertions 
when psm comes up and thayes is probably going to clean that up eventually.

Comment 8

19 years ago
Yes, it crashed dereferencing 0x00000.  The psm install seems to work fine for 
https pages.  I'll try a clobber build and reinstall.  At any rate, this is 
probably a bug in the psm glue code not form submission.  The psm glue code is 
what determines if a dialog should be popped up or not.  CC'ing dougt
(Reporter)

Comment 9

19 years ago
Do you have the latest and greatest version of psm?  I know that they made some 
changes recently which are needed for proper operation of SDR but might not be 
needed for https.  So that could possibly explain why you can do https but crash 
on this dialog.

I'm pulling a fresh tree right now and will try it out.  But the dialog came up 
fine (no crash) on a tree from two days ago.
(Reporter)

Comment 10

19 years ago
With my fresh tree, and with a fresh psm, I am still seeing the problem.  In 
fact, under certain conditions (not sure yet what they  are) I can actually get 
the security alert twice.

Here's a scenerio in which I get the alert twice:

1. Create a new profile and bring up the browser
2. Go to http://people.netscape.com/morse/password.htm
3. Fill in any arbitrary username and password, then submit form
4. Answer "yes" to the "do you want to save" dialog
5. Dismiss the encryption-disclaimer dialog
6. Dismiss the security-alert dialog (this one is bona-fide)
7. From the menu select tasks->privacy->password-manager->encrypt
8. PSM dialog for creating master password appears.  Enter password and press OK
9. Security alert appears (this is inappropriate).  Click OK
10. Security alert appears again (this is doubley inappropriate).
(Reporter)

Updated

19 years ago
Whiteboard: nsbeta2

Comment 11

19 years ago
Moving nomination to keywords.
Keywords: nsbeta2
Whiteboard: nsbeta2

Comment 12

19 years ago
Giving Jud another PSM related bug for safekeeping.  Please reassign this to the 
new owner when one is selected, thanks!
Assignee: pollmann → valeski
Status: REOPENED → NEW
Component: Form Submission → Security: General

Comment 13

19 years ago
Putting on [nsbeta2-] radar.  Not critical to beta2.  Adding "relnote" keyword 
for PR2 release. 
Keywords: relnote
Whiteboard: [nsbeta2-]
(Reporter)

Updated

19 years ago
Keywords: nsbeta3

Comment 14

19 years ago
I have no clue who should own this.
Whiteboard: [nsbeta2-] → [nsbeta2-][HELP WANTED][nsbeta3+]

Updated

19 years ago
Target Milestone: --- → M18

Updated

19 years ago
Blocks: 48444
(Assignee)

Comment 15

19 years ago
Re-assigning all valeski PSM bugs to ddrinan.
Assignee: valeski → ddrinan

Comment 16

18 years ago
Worksforme with the 8/29 PSM build for Linux.
Status: NEW → RESOLVED
Last Resolved: 19 years ago18 years ago
Resolution: --- → WORKSFORME
(Reporter)

Comment 17

18 years ago
Doesn't works-for-me with the 8/29 mozilla build for windows.  Here are simple 
steps to reproduce the problem.

1. Start with a fresh profile
2. From menu do tasks->privacy->password-manager->change-password
3. PSM pops up a dialog with the title "Personal Security Password"
4. Enter a password and confirm it on the dialog
5. Press OK

At this point you get the security-alert dialog saying "Any information you 
submit is insecure and could be observed by a third party ..."  This is the last 
thing you want to see when you are creating a secret password for yourself.  
Furthermore, it is misleading since it implies that you are submitting this 
password to some website which of course is not the case.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
(Reporter)

Comment 18

18 years ago
JUST A MINUTE!!!  I think we really are submitting this password to a website.  
I just did some debugging on it and it appears as though the password dialog 
itself is coming from the following site:

http://3:nonce711278957845190@127.0.0.1:1504/get?baseRef=set_password&target=3&s
lot=PSM%20Private%20Keys&mechanism=%2d1

I'll investigate further by using a sniffer and seeing if that is what is 
happening.
(Assignee)

Comment 19

18 years ago
What you're seeing is the url between mozilla and PSM, which uses HTTP (with 
basic auth) to display UI.

I have a fix that will supress the security dialog when using security advisor. 
I expect to check this in tonight or tomorrow.
(Reporter)

Comment 20

18 years ago
Yep, the dialog for creating a master password is indeed coming from a website, 
so when the user creates or changes his master password it is getting submitted 
back to the website.  That's certainly a privacy breach and probably a security 
breach as well.

I'll attach the network traffic that got generated when I attempted to change my 
master password.
(Reporter)

Comment 21

18 years ago
Created attachment 13704 [details]
Network traffic generated when user changes master password
(Reporter)

Comment 22

18 years ago
David, I hope the fix you are about to check in does more than just surpress the 
security advisor.  We have much bigger problems if you are going to access a 
website every time a user creates or changes his master password.
(Reporter)

Comment 23

18 years ago
Previous traffic that I posted was generated when the user brought up the 
change/create password dialog.  I'm not about to post the traffic that gets 
created when he submits the new password.  It contains some encrypted data which 
I would guess is the users password.
(Reporter)

Comment 24

18 years ago
Created attachment 13705 [details]
Traffic generated when user submits his new password.
(Assignee)

Comment 25

18 years ago
Steve,

PSM does UI by running a mini-http server that servers up HTML content to a 
client. Here is an internal link that describes the design: 
http://warp/hardcore/library/arch/cartman-arch.html

 
(Reporter)

Comment 26

18 years ago
Is the mini http server actually running on the client's local machine and there 
really is no traffic going out to the net?
(Assignee)

Comment 27

18 years ago
Yes. You will see that all the urls use 127.0.0.1 for the host.
(Reporter)

Comment 28

18 years ago
OK, I'm satisfied -- there is no privacy or security breach here.  Sorry for 
thinking otherwise.
(Assignee)

Comment 29

18 years ago
Fixed.
Status: REOPENED → RESOLVED
Last Resolved: 18 years ago18 years ago
Resolution: --- → FIXED

Comment 30

18 years ago
Marking VERIFIED FIXED on:
- LinuxRH62 2000-09-13-08-M18 Commercial
- Win98     2000-09-13-08-M18 Mozilla
- MacOS86   2000-09-13-04-M18 Commercial
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.