Dapper: Regression: Firefox 1.5.0.9: Saved passwords causes crash with Mailman admin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook | ||
Breezy |
Fix Released
|
Medium
|
Kees Cook | ||
Dapper |
Fix Released
|
Medium
|
Kees Cook |
Bug Description
Binary package hint: firefox
[Edit: NOTE: This is a _regression_ in Firefox 1.5.0.9, released as a security update for Ubuntu Dapper. Functionality that used to work perfectly now causes the browser to crash hard. The problem appears to be widely reproduced with the only people unable to reproduce it being those using some other browser version.]
The latest security update for Firefox for Ubuntu Dapper (6.06), version 1.5.dfsg+
Ubuntu Version: Dapper Drake (6.06)
Firefox Version: 1.5.dfsg+
Reproducable: always
How to reproduce:
1. Stop Firefox
2. Remove ~/.mozilla/
3. Start Firefox
4. Go to http://
5. Log in
6. Choose to allow Firefox to save the password
7. Observe Firefox crashes
8. Restart Firefox
9. Go back to http://
10. Observe Firefox crashes again without displaying the page
11. Go back to step 2 and repeat.
12. Go back to step 2 and repeat choosing NOT to save the password at step 6 and observe Firefox doesn't crash
Desired behaviour: As per previous version, should fill in saved password for the form and not crash.
Other notes:
It doesn't appear necessary for the password to actually be correct; just that it be saved. The crash on visiting the page with a saved password appears to happen aroun the time that the saved password might be pre-filled.
Completely removing the saved passwords and starting again doesn't seem to help; as soon as the password is saved the problem reappears. Removing the firefox profile and starting again also doesn't seem to help; again as soon as the password is saved the problem reappears.
The only thing I can see which is noticably different between the Mailman login page and, eg, the launchpad.net login page, in terms of saved passwords, is that the Mailman page is password-only, whereas the launchpad.net has an email address as well as the password. Possibly the bug is somehow related to the form being password-only.
This behaviour is new with the security update for Ubuntu Dapper which came out this morning. I've used the saved password feature with many previous versions of Firefox without any problems. Knowing the issues which have been reported with Firefox recently, including a password stealing attack, I'd guess that there is a bug in the "fix" chosen to try to defeat that password stealing attack.
Finally, for what little it seems to be worth, a backtrace of the coredump:
ewen@wat:/var/tmp$ gdb /usr/lib/
GNU gdb 6.4-debian
Copyright 2005 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-
Using host libthread_db library "/lib/tls/
(no debugging symbols found)
Core was generated by `/usr/lib/
Program terminated with signal 11, Segmentation fault.
[....]
#0 0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7e56790 in raise () from /lib/tls/
#2 0x08055e0b in ?? ()
#3 0x0000000b in ?? ()
#4 0xbfaf0e8c in ?? ()
#5 0x00000000 in ?? ()
(gdb)
Ewen
Changed in firefox: | |
assignee: | nobody → pitti |
importance: | Undecided → Medium |
status: | Confirmed → In Progress |
Issolated test case:
http:// www.naos. co.nz/tmp/ ubuntu/ firefox/ mailman- signon- page.html
Steps to reproduce is slightly different here, I think because there's no real form processing behind it. To reproduce:
1. Go to URL firefox/ PROFILE/ signons. txt
2 Enter some string to be the password, eg "test" (it doens't matter, just
needs something)
3. Choose to remember the password
4. Observe "success" message
5. Go back to URL (eg, click on the link in the success page)
6. Observe browser crashes
7. Restart firefox
8. Go to URL
9. Observe browser crashes
10. Remove ~/.mozilla/
11. Start firefox
12. Go to URL
13. Observe browser doesn't crash
14. Repeat from 2
Test case (stripped down version of the Mailman admin page) is attached. The "success" page is just a stub HTML page with a link to this bug and back to the test case for convenience.
Something like the launchpad.net signon form can serve as an example that doesn't crash.
Ewen