crypto.generateCRMFRequest can cause "Change Master Password" to appear

RESOLVED WONTFIX

Status

Core Graveyard
Security: UI
RESOLVED WONTFIX
4 years ago
a year ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

({testcase})

Trunk
x86_64
Mac OS X
testcase

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
Created attachment 811960 [details]
testcase

If I load the testcase first thing in a new profile, Firefox pops up a dialog asking me to set a master password.
(Reporter)

Comment 1

4 years ago
Created attachment 811962 [details]
screenshot
I'd suspect this is a PSM/NSS bug, since the key here seems to be that you need to do this immediately with a new profile.

I can reproduce this by visiting the attachment URL directly in a new profile -- but if I load the bug first and then click the attachment, I do not. 

I'd especially be looking at why this code has historically been needed:

(http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/crypto-SDR.js#71)

77         // Check to see if the internal PKCS#11 token has been initialized.
78         // If not, set a blank password.
79         let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].
80                       getService(Ci.nsIPK11TokenDB);
81 
82         let token = tokenDB.getInternalKeyToken();
83         if (token.needsUserInit) {
84             this.log("Initializing key3.db with default blank password.");
85             token.initPassword("");
86         }

I bet this bug only happens if you tickle it before password manager happens to do this.
Blech. See also bug 717490 comment 17, wherein I suspect a closely-related issue. Softtoken's lack of self-initialization (and/or it's confusion about what state it is in) is pretty dumb.
Bug 1030963 removed this functionality entirely.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

a year ago
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.