Update of Firefox disables PSM (not more SSL or saved passwords)

I too am experiencing this.

I use Ubuntu Dapper 6.06 LTS x86_64, kernel 2.6.15.26

Firefox update 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1 apparently broke many sites (e.g. amazon.com personal account maintenance; launchpad.net) due to above problem with PSM.

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20060216 Debian/1.7.12-1.1ubuntu2
allowed me to access this site.

i cannot reproduce with the current dapper version. However we ship a fix that sounds related. So probably this will be fixed really soon.

This is weird - I hope it's a clue.

Using Synaptic, I "Completely Removed" Firefox (which automatically entailed removing two Epiphany programs and Yelp). Then I immediately re-installed FIrefox and firefox-gnome-support. Now I can access https://www.amazon.com, https://launchpad.net, etc.

HOWEVER, when I click on the link https://launchpad.net/bugs/89023 as it appears in the "bounces<at>canonical.com" e-mail, I still get the PSM error message (I use Thunderbird). BUT I can type the same address into the address bar of an open Firefox window, and get the page.

On Fri, Mar 02, 2007 at 02:51:13AM -0000, Stephen D Kamm wrote:
> This is weird - I hope it's a clue.
> HOWEVER, when I click on the link https://launchpad.net/bugs/89023 as it
> appears in the "bounces<at>canonical.com" e-mail, I still get the PSM
> error message (I use Thunderbird). BUT I can type the same address into
> the address bar of an open Firefox window, and get the page.
>

There should be a new version of firefox in dapper now. Maybe try and
let us know if everything is gone.

 - Alexander

The latest update to Firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 has fixed the problem for me. Thanks for the quick fix!

thanks for confirming this.

Sorry, but a simple Synaptic update using Firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 re-broke my partially functional Firefox.

The patch did not work for me

I will try complete removal and re-install, and see if that works, again.

OK, after "Complete Removal" and re-installation, I am in the same situation reported in my comment of 2007-03-02 02:51:13 UTC.

In other words, in my installation, 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 is, from the user's perspective, functionally the same as 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1

Could there be a 64-bit issue left unpatched?

On Fri, Mar 02, 2007 at 02:01:25PM -0000, Stephen D Kamm wrote:
> OK, after "Complete Removal" and re-installation, I am in the same
> situation reported in my comment of 2007-03-02 02:51:13 UTC.
>
> In other words, in my installation, 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
> is, from the user's perspective, functionally the same as
> 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
>
> Could there be a 64-bit issue left unpatched?
>

Most likely you did not just restart firefox after upgrade properly.

 - Alexander

Alexander Sack wrote:
> Most likely you did not just restart firefox after upgrade properly.
>
???

I clicked on the launcher on the panel, as usual. If you mean I didn't
shut down Firefox before upgrade, my recollection is that I in fact did,
out of normal habit. But to test your hypothesis, using Synaptic I
performed "Complete Removal" of:

mozilla-thunderbird
firefox
firefox-gnome-support
mozilla-browser
j2re1.4-mozilla-plugin
mozilla-psm

Then re-booted.

The, using Synaptic, I installed:

firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
firefox-gnome-support 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
mozilla-thunderbird 1.5.0.9-0ubuntu0.6.06

and I replicated exactly the situation described in my post of
2007-03-02 02:51:13 UTC: https works from within Firefox, but clicking
on link from Thunderbird e-mail produces PSM error.

Does this need to be opened as a separate bug?

On Fri, Mar 02, 2007 at 04:36:48PM -0000, Stephen D Kamm wrote:
>
> and I replicated exactly the situation described in my post of
> 2007-03-02 02:51:13 UTC: https works from within Firefox, but clicking
> on link from Thunderbird e-mail produces PSM error.
>

OK, that might be more reasonable then https does not work at
all.

Will take a look. Probably this will automatically go away when
thunderbird is upgraded too.

 - Alexander

My wife is affected by this problem too - in firefox, independent of thunderbird.

Since the most recent update to firefox was applied (via the orange update icon on the panel), she has been unable to access her on-line banking.

It's easy to replicate: enter URL http://www.barclays.co.uk/, then click on the "log in" button at the top left hand corner. We then get the firefox error about Personal Security Manager, sometimes after a very long delay. My workaround for her has been to install Opera 9.10, which works just fine with this site.

Firefox has definitely, definitely been restarted (I can show with 'ps -auxw' that it's not running, before restarting it)

Now, things are even stranger with another site. Go to https://signup.tiscali-business.co.uk/ and you should just get a redirect to another page. If I do this when logged in as my wife, it gives the PSM error. But if I do this when logged in as myself, it works just fine. This seems to imply that there is some stored state which affects things (although I'm unable to get a Barclays login page from either account). Possibly an rm -rf ~/.mozilla might fix the problem, but I would rather avoid this if at all possible.

I compared .mozilla/firefox/*/prefs.js between the two accounts. Mine has signon.rememberSignons=false, whilst hers has signon.SignonFilename = "something.s". I tried using about:config to set signon.rememberSignons=false on hers, then stopped and restarted firefox, but that didn't seem to make a difference.

My wife does use thunderbird, but I am replicating this problem directly within firefox, and indeed it's the same even if thunderbird is not running at all.

P.S. Version info:

$ dpkg-query -l | grep firefox
ii firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 lightweight web browser based on Mozilla
ii firefox-gnome-support 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 Support for Gnome in Mozilla Firefox
ii libnspr4 1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 Netscape Portable Runtime Library
ii libnss3 1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2 Network Security Service Libraries - runtime
ii mozilla-firefox-locale-en-gb 1.5.0.1ubuntu6-2 Mozilla Firefox English language/region pack

P.P.S. I had to use Opera to submit this comment too. When viewing https://launchpad.net/ubuntu/+source/firefox/+bug/89023 in firefox, clicking "Add a comment/attachment" just adds a '+index#' to the URL and jumps to the top of the screen - nowhere to enter any text. Whereas in Opera, there's a triangle next to "Add a comment/attachment" which opens up an entry form. I suspect that's a separate bug, even though https is involved too.

I have the same problem.

It seems that the SSL is broken due to an incorrect setting in the personal profile of the user (something under ~/.mozilla/firefox) so it can be broken for one user of the PC but work for the others.

As a workaround I use to:
1) update my firefox SSL configuration in edit/preferences/advanced/security/protocols. Something like enabling or disabling TLS 1.0. (Most of the site support SSL 3.0, so it doesn't matter if you disbale it - the important point is to modify the config)
2) close firefox (all instances)
3) restart firefox

then SSL works again :-)
... until the problem re-appear :-(
but at least SSL stays one whole firefox session.

Olivier.

On Mon, Mar 26, 2007 at 10:07:28AM -0000, Olivier Berlanger wrote:
> I have the same problem.
>
> It seems that the SSL is broken due to an incorrect setting in the
> personal profile of the user (something under ~/.mozilla/firefox) so it
> can be broken for one user of the PC but work for the others.
>
> As a workaround I use to:
> 1) update my firefox SSL configuration in edit/preferences/advanced/security/protocols. Something like enabling or disabling TLS 1.0. (Most of the site support SSL 3.0, so it doesn't matter if you disbale it - the important point is to modify the config)
> 2) close firefox (all instances)
> 3) restart firefox
>
> then SSL works again :-)
> ... until the problem re-appear :-(
> but at least SSL stays one whole firefox session.
>

Do you have any custom certificates installed?

 - Alexander
--
 GPG messages preferred. | .''`. ** Debian GNU/Linux **
 Alexander Sack | : :' : The universal
 <email address hidden> | `. `' Operating System
 http://www.asoftsite.org/ | `- http://www.debian.org/

> Do you have any custom certificates installed?

In my case, I don't think so. If I run

    strings .mozilla/firefox/*/cert8.db

on both my own account or my wife's, I see only "Version". Is there another or more direct way to check?

The problem remains. My account can access https sites, but hers cannot. Under her account, if I "mv .mozilla .mozilla-old" and restart, she gets a fresh session which works just fine - if I mv it back again, SSL sites no longer work.

I tried running a diff between the fresh and old .mozilla directories. There are so many files that it's hard to see what's significant. I do notice that she appears to have installed the google toolbar extension though (lots of files referring to 'amulet')

Regards, Brian.

Uninstalling the google toolbar appears to have fixed the problem! At least, I could go to https://signup.tiscali-business.co.uk/ immediately. The first time I tried http://www.barlays.co.uk/ and 'login' I got the same error, but after a couple of retries it was fine.

So this needs some more exhaustive testing, but that may be where the problem lies.

On Mon, Mar 26, 2007 at 08:00:26PM -0000, Brian Candler wrote:
> Uninstalling the google toolbar appears to have fixed the problem! At
> least, I could go to https://signup.tiscali-business.co.uk/ immediately.
> The first time I tried http://www.barlays.co.uk/ and 'login' I got the
> same error, but after a couple of retries it was fine.
>
> So this needs some more exhaustive testing, but that may be where the
> problem lies.
>

Can you reproduce the problem by installing google toolbar again?

 - Alexander

on 2007-03-26 13:09:08 UTC Alexander Sack wrote:

> Do you have any custom certificates installed?

No custom certificate.

Deleting the whole ~/.mozilla/firefox also fix the problem temporary. I'm still no able to find the condition making it coming back.

Olivier

On Mon, Mar 26, 2007 at 09:57:07PM -0000, Alexander Sack wrote:
> On Mon, Mar 26, 2007 at 08:00:26PM -0000, Brian Candler wrote:
> > Uninstalling the google toolbar appears to have fixed the problem! At
> > least, I could go to https://signup.tiscali-business.co.uk/ immediately.
> > The first time I tried http://www.barlays.co.uk/ and 'login' I got the
> > same error, but after a couple of retries it was fine.
> >
> > So this needs some more exhaustive testing, but that may be where the
> > problem lies.
> >
>
> Can you reproduce the problem by installing google toolbar again?

No; after reinstalling the toolbar the problem has not reoccured. This is
also without installing the latest firefox update (I've been keeping the
latest batch of Ubuntu updates on hold while testing this out)

Regards,

Brian.