Firefox crashes when the PIN is entered on a smart card reader with secure PIN entry

RESOLVED DUPLICATE of bug 443284

Status

Core Graveyard
Security: UI
RESOLVED DUPLICATE of bug 443284
10 years ago
2 years ago

People

(Reporter: Helge Bragstad, Unassigned)

Tracking

1.9.0 Branch
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

When using a PKCS #11 library for smart cards with PIN pad reader, Firefox crashes. The library sets the CK_TOKEN_INFO.flags CKF_PROTECTED_AUTHENTICATION_PATH flag to TRUE, as described in PKCS #11 spec. When Firefox 3.0.4 needs to login into the token, it displays a "Protected Token Authentication" dialog and calls correctly C_Login with an empty PIN, everything good so far. When the C_Login returns, either with CKR_OK or an error, FF crashes.

Reproducible: Always

Steps to Reproduce:
1. Load a PKCS #11 library that sets CKF_PROTECTED_AUTHENTICATION_PATH
2. Open the certificate dialog: Tools->Options->Advanced->Encryption->View Certificates
3. FF Displays a "Protected Token Authentication" message box and activates the PIN pad entry.
4. Enter correct PIN, wrong PIN or Cancel, in either case, FF crashes.
Actual Results:  
Firefox crashes

Expected Results:  
Firefox should behave the same way as when PIN is entered through the regular PIN dialog of Firefox, i.e. accept or reject authentication depending on the result.

Updated

10 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 443284
Component: Libraries → Security: UI
Product: NSS → Core
Version: unspecified → 1.9.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.