Closed Bug 489880 Opened 15 years ago Closed 14 years ago

Firefox must be force quit when FIPS is enabled and exiting Private Browsing

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
1.9.1 Branch
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: marcia, Unassigned)

References

Details

Seen while running Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4pre) Gecko/20090423 Shiretoko/3.5b4pre. Not sure if this is the correct component to file this bug 

STR:
1. Enable a Master Password
2. Enable FIPS
3. Enter Private Browsing mode.
4. While in PB mode, close the browser

Result: You get a master password on dialog, and you must force quit Firefox to exit since it beachballs right after the dialog comes up.
Could this be because of bug 463256? Resetting the [on|off]line setting for ssl may require re-entering the password, which gets to this very strange situation...
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2a1pre) Gecko/20090423 Minefield/3.6a1pre

Then again, I couldn't reproduce this on WIndows. I do get a new master password when I enter/exit pb mode if the session to be restored is one that requires it (i.e. my gmail page). When I shutdown firefox I don't get the master password dialog as the session is not restored until I restart firefox...
I tried reproducing this on the latest Win Vista nightly and I could not reproduce it either. The only other thing I forgot to add in Comment 0 was the fact I do have a certificate installed (Thawte).
Forgive my ignorance here, but would someone please explain what FIPS is?  Google lead me to <http://en.wikipedia.org/wiki/Federal_Information_Processing_Standard> which I'm not sure is the correct explanation...
Marcia, could you please try to reproduce this with the latest trunk nightly, now that bug 496335 has been fixed?
(In reply to comment #5)
> Try http://en.wikipedia.org/wiki/FIPS_140

Thanks for the link.  I followed it to <http://www.mozilla.org/projects/security/pki/nss/fips/> as well, but still I'm not sure what this exactly means in context of Mozilla/NSS?  Do I need a special hardware component in order to enable FIPS?  How would Mozilla behave differently with FIPS enabled?
Ehsan,  Your comment 7 tells me that we need a findable resource (web page)
that answers questions such as "what the heck is FIPS mode?".  :)  
I would be willing to help provide content for such a page, but I honestly
don't know where to put it (which site? where?)  We may already have one, 
for all I know.  

I found some that explain how to enable/disable it, but none that really 
explain what it is or why you would use it.

http://www.mozilla.org/projects/security/pki/psm/help_21/using_certs_help.html#using_certs_devices_fips

http://support.mozilla.com/en-US/kb/Configuring+Firefox+for+FIPS+140-2
Blocks: 496335
blocking1.9.1: --- → ?
blocking1.9.1: ? → ---
I created a new wiki web page about FIPS and FIPS Mode.
https://developer.mozilla.org/FIPS_Mode_-_an_explanation
Please post follow up discussion in mozilla.dev.tech.crypto 
Thanks
(In reply to comment #9)
> I created a new wiki web page about FIPS and FIPS Mode.
> https://developer.mozilla.org/FIPS_Mode_-_an_explanation
> Please post follow up discussion in mozilla.dev.tech.crypto 
> Thanks

Thanks for the content!  Why not put it up on SUMO as well, since there's where most users would expect to find this info?
Putting stuff on sumo is far too painful for mere mortals. 
I learned that by doing the page 
http://support.mozilla.com/en-US/kb/Configuring+Firefox+for+FIPS+140-2
I can commit into any Mozilla source tree, but I can't update SUMO. :(
If some full time SUMO staff wants to do it, be my guest.
Not sure how common this problem is on SUMO or how often it's being searched for. Cheng, any insights to share?
I have 1 forum thread since 2009-01-01 asking for FIPS and 11 with excess master password requests where FIPS is a possible cause.  Nothing about Private Browsing hanging on exit, nothing about FIPS + Private Browsing.
Thanks Cheng. Doesn't sound like we need this in the KB then.
1390 searches in 2009 with the word fips (compare to 7,140,000 searches total).  About 1/3rd of the searches are for some variant of the "please enter your FIPS master password" message.  Again nothing in this list that suggests that hanging on exit is common.

It sounds like an edge case that doesn't need to be in the KB.
Well, private browsing is a brand new feature in FF 3.5 right?  So, one 
would not expect there to be messages about in in January of this year.
FIPS isn't new though.  It's more of an indication of how many users are coming to SUMO needing help with FIPS.
I'm guessing that based on comment 1, this should be fixed now that bug 496335 is fixed.  Marcia, could you please try to reproduce this again?
Keywords: qawanted
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTB6

I cannot reproduce with the above build.  If someone can reproduce, please provide more detailed steps, including URLs visited, etc. I run in FIPS mode, so if the steps require a fresh profile, please post that info also.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b8) Gecko/20100101 Firefox/4.0b8

Works for me on the above build. In any case, I think a bug like this warrants a testcase in Litmus.  Resolving WORKSFORME.  Testcase will be created shortly.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
Litmus testcase added:
https://litmus.mozilla.org/show_test.cgi?id=15025
Flags: in-litmus+
Keywords: qawanted
You need to log in before you can comment on or make changes to this bug.