Launchpad has imported 2 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=1582169.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2019-09-18T15:42:54+00:00 Vineetha Kamath wrote:

Created attachment 9093608
firefox_nss_disable_fips_enabled_flag.patch

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/76.0.3809.132 Safari/537.36

Steps to reproduce:

On a FIPS enabled system, i.e. a system running a FIPS enabled kernel,
/proc/sys/crypto/fips_enabled is set to 1. The libraries that are FIPS
certified reads this flag to decide if they have to operate in FIPS
mode. Firefox's nss bundled code by default reads this flag. Firefox is
not one of FIPS certified libraries and should not be reading this flag.

A bug has been filed against Ubuntu firefox package here -
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044


Actual results:

On a FIPS enabled system. firefox crashes while starting up. An strace
showed that it was repeatedly reading the flag before the crash.


Expected results:

Firefox and its associated nss bundled code are not FIPS certified and
hence should not be reading the /proc/sys/crypto/fips_enabled flag. I
propose to disable reading that flag.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/comments/8

------------------------------------------------------------------------
On 2019-09-18T15:44:48+00:00 Vineetha Kamath wrote:

After applying the patch, no crash was observed on a FIPS enabled
system.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/comments/9


** Changed in: firefox
       Status: Unknown => New

** Changed in: firefox
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1843044

Title:
  firefox crashes on a FIPS enabled machine

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1843044/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to