466447 - Firefox crashes when the PIN is entered on a smart card reader with secure PIN entry

Status: RESOLVED DUPLICATE of bug 443284

(Core Graveyard :: Security: UI, defect)

Description

[Helge Bragstad]

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; MS-RTC LM 8)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4

When using a PKCS #11 library for smart cards with PIN pad reader, Firefox crashes. The library sets the CK_TOKEN_INFO.flags CKF_PROTECTED_AUTHENTICATION_PATH flag to TRUE, as described in PKCS #11 spec. When Firefox 3.0.4 needs to login into the token, it displays a "Protected Token Authentication" dialog and calls correctly C_Login with an empty PIN, everything good so far. When the C_Login returns, either with CKR_OK or an error, FF crashes.

Reproducible: Always

Steps to Reproduce:
1. Load a PKCS #11 library that sets CKF_PROTECTED_AUTHENTICATION_PATH
2. Open the certificate dialog: Tools->Options->Advanced->Encryption->View Certificates
3. FF Displays a "Protected Token Authentication" message box and activates the PIN pad entry.
4. Enter correct PIN, wrong PIN or Cancel, in either case, FF crashes.
Actual Results:  
Firefox crashes

Expected Results:  
Firefox should behave the same way as when PIN is entered through the regular PIN dialog of Firefox, i.e. accept or reject authentication depending on the result.