Nexus plugin crashes or hangs (does not accept keyboard input) when trying to use it to log in to online bank

RESOLVED WORKSFORME

Status

()

Core
Plug-ins
--
critical
RESOLVED WORKSFORME
7 years ago
7 years ago

People

(Reporter: Kai de Leeuw, Unassigned)

Tracking

({regression, relnote})

Trunk
x86
Windows XP
regression, relnote
Points:
---

Firefox Tracking Flags

(blocking2.0 -)

Details

(URL)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Windows NT 5.1; rv:2.0b13pre) Gecko/20110301 Firefox/4.0b13pre
Build Identifier: 

Something very alike to bug 571179 is happening in Fx4.

When I try to log in, as in bug 571179, the textbox of the plugin for the password does not respond to input. I then ignore this fact and type in my password anyway and press enter. Sometimes the plugin crashes after a while, but sometimes my keyboard input gets processed anyway (but never seen in the textbox) and I succeed to log in.

I usually repeat the login procedure two or three times until I get through.

If I try the exact same thing in Chrome, it works like a charm, no hangs and no crashes.

Reproducible: Always

Steps to Reproduce:
Per instructions on the Bank site:
1. Download a BankID
2. Try to Log in with the BankID alternative
Actual Results:  
Crashes or hangs.

Expected Results:  
No crash and no hang.

This is a bit hard to reproduce if noone working with triage has an account on
that bank, I know, but that shouldn't stop me from filing this bug. ;)

The error is not just happening on this website. I can sometimes get it on the site of the Tax office of Sweden, http://www.skatteverket.se. So it seems to be a plugin bug, not a website bug. Considering that everything works extremely well in Chrome, this seems to be a Firefox bug.

I also think this has to do with the out of process plugin change of later Firefoxes.

I also think this should block the release of Fx4, since BankID is a nationwide solution for logging in in Sweden. So the user base is like several million people.
(Reporter)

Comment 1

7 years ago
Requesting blockage for 2.0 per comment 0
blocking2.0: --- → ?

Updated

7 years ago
blocking2.0: ? → ---
(Reporter)

Updated

7 years ago
blocking2.0: --- → ?
(Reporter)

Comment 3

7 years ago
and here's a crash I got a minute earlier when I actually succeeded to log in but never saw any text being entered in the textbox. So it seems it crashes then also...

https://crash-stats.mozilla.com/report/index/beadeacf-1456-4e27-9cac-d878c2110302
(Reporter)

Updated

7 years ago
Version: unspecified → Trunk

Comment 4

7 years ago
Are there any more crash reports listed in about:crashes?

Does this happen every time you try to use the site, or just sometimes?

Does using safe mode help?
http://support.mozilla.com/en-US/kb/Safe+Mode

Comment 5

7 years ago
cc'ing a Nexus Personal developer. The plugin is hanging (see the plugin stack here: https://crash-stats.mozilla.com/report/index/beadeacf-1456-4e27-9cac-d878c2110302) and Firefox is killing it off after 45 seconds of it not responding. It appears that the plugin is in some Sleep() loop.

Not a blocker, but if the Nexus developers can help us diagnose we can figure out whether this is a plugin bug or a Firefox bug.
(Reporter)

Comment 6

7 years ago
(In reply to comment #5)
> Not a blocker, but if the Nexus developers can help us diagnose we can figure
> out whether this is a plugin bug or a Firefox bug.

Doesn't the plugin working like a charm in other web browsers indicate that this is an Fx bug? 

And doesn't a user base with six or seven digits, constitute a severity that should make this a blocker?

Comment 7

7 years ago
(In reply to comment #6)
> Doesn't the plugin working like a charm in other web browsers indicate that
> this is an Fx bug? 

It still could be an issue with the plugin, or your current Firefox profile.

Please answer comment 4 as well as indicate if this works correctly in 3.6.13.

Thanks!
See Also: → bug 571179
Doesn't seem to be anything we can do until we get a fix from Nexus. Not blocking. Adding relnote.
Status: UNCONFIRMED → NEW
blocking2.0: ? → -
Ever confirmed: true
Keywords: relnote
(Reporter)

Comment 9

7 years ago
(In reply to comment #4)
> Are there any more crash reports listed in about:crashes?

Yes, there are lots of crash reports in about:crashes, from my other failed attempts in the past to login.

> Does this happen every time you try to use the site, or just sometimes?

It happens every time I use the site, not just sometimes.

> Does using safe mode help?
> http://support.mozilla.com/en-US/kb/Safe+Mode

Safe mode did not help. Nor did creating a completely new profile. I even tested a fresh profile in safe mode. 

(In reply to comment #7)
> (In reply to comment #6)
> > Doesn't the plugin working like a charm in other web browsers indicate that
> > this is an Fx bug? 
> 
> It still could be an issue with the plugin, or your current Firefox profile.

Doesn't seem to be profile related. See answer to comment 4.
 
> Please answer comment 4 as well as indicate if this works correctly in 3.6.13.

I have answered comment 4. It works correctly in 3.6.14.

> Thanks!

You're welcome. :)

(In reply to comment #8)
> Doesn't seem to be anything we can do until we get a fix from Nexus. Not
> blocking. Adding relnote.

How did you reach this conclusion? Just asking out of curiosity.

--

I get a slow script warning quite often in connection to the error. So maybe it is a bug in the JIT compiler of Firefox? I mean, it works in 3.6.14 which is pre-Jägermonkey.

So maybe it is not even a plugin bug, but a Javascript bug? That would make sense since out of process plugins is present in 3.6.14 also, and what is new in Fx4 is the JavaScript engine. But I don't really know actually if out of process plugins actually is enabled for this plugin in 3.6.14, so I can't really know. Just guessing.
By trying a new profile, you've eliminated the problem being:
- extension related
- corrupt profile files

By trying safe mode, you've eliminated:
- methodjit javascript problems
- extensions
- hardware acceleration issues

In order to work out the actual cause, the easiest thing to do is perhaps find the regression range:
http://harthur.github.com/mozregression/

Once you have mozregression installed, I'd suggest using the following date ranges:
mozregression --good=2009-08-01 --bad=2011-03-01

You will need to answer "good" or "bad" after each run, but getting to the final 24hour range should take no more than ~10 tries.

Thanks!
Keywords: regression, regressionwindow-wanted
(Reporter)

Updated

7 years ago
Keywords: regressionwindow-wanted
(Reporter)

Comment 13

7 years ago
If I change "dom.ipc.plugins.enabled" to be "false", then the plugin does indeed starts working "like a charm" again.
Thanks for the range, marking as blocking bug 531142, for visibility.

Also perhaps the relnote can be updated to include the workaround in comment 12? (Or is that just going to cause issues down the line with lots of people with IPC plugins disabled and having to rename the pref again, like was done for the html5 parser post hotmail issues?)
Blocks: 531142
Apologies, meant the workaround in comment 13.
(Reporter)

Comment 16

7 years ago
I very often get a slow script warning when I reproduce the lock/hang/crash of the plugin. I think I get it because the browser is locked because the plugin is locked, and it is not really a slow script.

Anyhow I get it. And when I get it it says that it is row 471 of https://secure3.skandiabanken.se/login/login.aspx?t=sb that is the culprit.

This is the code around row 471... the catch statement is row 471:
                else if (browser == 'netscape') {
                    startCheck();
                    var ver = document.getElementById("ctl00_cphMainContentWide_BankIdVersion").value;

                    if (ver == 'old') {
                        return;
                    }

                    if (valueb == 0) {
                        //document.authenticateMoz.SetParam('TokenRemovedURL', 'aHR0cDovL3Rlc3Quc2VydmVyLmNvbS9Mb2dpbj9hY3Rpb249cmVtb3ZlZCZpZD0x');
                        //document.authenticateMoz.SetParam('TokenRemovedTimeout', '1');
                        //document.authenticateMoz.SetParam('ServerTime', '1221629266');
                        var filter = document.getElementById('ctl00_cphMainContentWide_bankIDfilter').value;
                        document.authenticateMoz.SetParam('Policys', filter);

                        var sessionkey = document.getElementById('ctl00_cphMainContentWide_sessionkey').value;
                        document.authenticateMoz.SetParam('Challenge', sessionkey);

                        var res = document.authenticateMoz.PerformAction('Authenticate');

                        if (res == 0) {

                            document.getElementById('ctl00_cphMainContentWide_hdnResponse').value = 0;
                            document.getElementById('ctl00_cphMainContentWide_bidmessage').value = document.authenticateMoz.GetParam('Signature');
                            document.getElementById('ctl00_cphMainContentWide_challenge').value = document.authenticateMoz.GetParam('Challenge');

                        }
                        else {
                            document.getElementById('ctl00_cphMainContentWide_hdnResponse').value = 1;
                        }
                    }

                } //Slut Mozilla och Safari


                return false;
            } catch (e) {

            }
        }

I think it seems that it is the rows with document.authenticateMoz that produce the hang. Maybe document.authenticateMoz.PerformAction('Authenticate'); is the most likely candidate.

Not sure what to make out of this though. But maybe someone reading this have more clues than I have.
(Reporter)

Comment 18

7 years ago
Duh... I have tried many times to use the "Check for Updates" menu item on the system tray icon of Nexus Personal, and it always said I was up to date.

Today I talked to a colleague that said that he had manually downloaded a newer version of Nexus Personal, one that wasn't offered when checking for updates within the application.

Anyway, that version works, so WFM.

But I wonder how many ppl there are that have an old version and have no idea of checking for updates, and even less of an idea of going online to www.bankid.com and downloading a new version; they will still see the behaviour I have described in this bug.

Nonetheless, WFM.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME

Comment 19

7 years ago
Kai, do you know what version of Nexus personal you *were* using, and what version you are using now (from about:plugins)? Magnus, if there are old nonworking versions, can we add them to the Firefox blacklist which will prompt users to upgrade?
(Reporter)

Comment 20

7 years ago
I am using 4.17.0 now. 

I was using 4.10.4.3 (I found it in the crash report... a bit hard to find but I found it)

Thanks!
You need to log in before you can comment on or make changes to this bug.