This was fixed in Firefox 74/75.
** Changed in: firefox (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox
(In reply to Olivier Tilloy from comment #16)
> Any chance this fix can be cherry-picked to the firefox 74 branch?
It certainly _can_; I don't have any other current ride-along plans for
a NSS 3.50 point release, but I'd be happy to add this to the to-do list
if we make one. Since on Linux NSS is
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044 is a
downstream (Ubuntu) bug report describing how firefox crashes with a
FIPS-enabled kernel (and this is what prompted Victor to contribute this
patch).
Given the nature of the problem (a crash), it would be good to have the
patch
Any chance this fix can be cherry-picked to the firefox 74 branch?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled machine
Status in
https://hg.mozilla.org/projects/nss/rev/55ba54adfcaea2f984a999a511eec5047462eb57
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled
** Changed in: firefox
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled machine
Status in Mozilla
The new patch looks fine, I've r+'ed it. since it's close to the end of
the day, I'll push the change later.
bob
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
Bob, can you take a look at this review when possible? It's pretty
simple conditional compilation for FIPS.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox
Created attachment 9123528
Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not
enabled on build
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
Sure, I'm not familiar with the process but will give it a try. Sorry
for the late response btw, I've been afk :)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
Victor, are you still interested in working on this bug? Note that we use
phabricator to do code review:
https://moz-conduit.readthedocs.io/en/latest/phabricator-user.html
Also note that you'll be making changes to nss
(https://hg.mozilla.org/projects/nss/), not mozilla-central directly.
(it
** Tags added: sts-sponsor-slashd
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled machine
Status in Mozilla Firefox:
New
Status in
Created attachment 9120251
nss-stop-fips-query-when-disabled.patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled machine
Status in
Created attachment 9120250
nss-stop-fips-query-when-disabled.patch
I'm attaching a patch that uses NSS_FIPS_DISABLED so
/proc/sys/crypto/fips_enabled won't be checked when NSS is not built in
FIPS mode (without --enable-fips).
--
You received this bug notification because you are a member of
We have multiple reports of the latest Firefox not working with
FIPS due to the above ongoing, so we would like to determine
how to fix this as a priority.
We are trying to determine what the best approach to take is
given the Mozilla team's direction to keep the default behavior
of the nss
** Changed in: firefox (Ubuntu)
Status: New => Confirmed
** Changed in: firefox (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
If NSS was built with the FIPS options enabled (`./build.sh --enable-
fips`), and is then used with a database set to FIPS mode (`modutil
-fips true -dbdir dir`), then Firefox should automatically also go into
FIPS mode.
--
You received this bug notification because you are a member of Desktop
Alternatively to patching this, what is the modern way to enable FIPS in
Firefox? I found these instructions: https://support.mozilla.org/en-
US/kb/Configuring%20Firefox%20for%20FIPS%20140-2 but no matter what I do
I can't get FIPS enabled - nor will "Enable FIPS" not be grayed out in
Security
Found the original bug enabling this change here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1531267
I tried to enable FIPS on 66/70/73 Nightly and could not get Firefox's
Enable FIPS button to work on Ubuntu. Latest Nightly still crashes on
Ubuntu. Also tried disabling TLS1.3 and all ciphers
Did anyone test trying to get Firefox into FIPS mode (I know that
NSS/Firefox hasn't been validated for Ubuntu) -
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
/FIPS_Mode_-_an_explanation
--
You received this bug notification because you are a member of Desktop
Packages, which is
** Tags added: sts
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS enabled machine
Status in Mozilla Firefox:
New
Status in firefox package
Comment on attachment 9093608
firefox_nss_disable_fips_enabled_flag.patch
As both above comments said, this would need to be rewritten to make use
of our FIPS compile-time options, not unconditionally compile-out FIPS
mode, as NSS is absolutely used in FIPS compliant ways regularly.
--
You
Do not apply this patch as written. Firefox may not be FIPS validated,
but NSS itself is. If you want a distribution free of NSS reading the
flag, please create a new #define and build environment variable.
Reading the FIPS flag on Linux should be default behavior (at least if
the NSS FIPS value
Bob, as this is related to NSS and Firefox's FIPS mode, can you take
this one?
Reporter: I will note that the patch as-is would need to be reworked to
determine whether NSS was built in FIPS mode, rather than commenting out
the reads.
--
You received this bug notification because you are a
[Bugbug](https://github.com/mozilla/bugbug/) thinks this bug should
belong to this component, but please revert this change in case of
error.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
Launchpad has imported 2 comments from the remote bug at
https://bugzilla.mozilla.org/show_bug.cgi?id=1582169.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Bug watch added: Mozilla Bugzilla #1582169
https://bugzilla.mozilla.org/show_bug.cgi?id=1582169
** Also affects: firefox via
https://bugzilla.mozilla.org/show_bug.cgi?id=1582169
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member
Tested the firefox build on Bionic with FIPS enabled and disabled and it
is working as expected.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a
Tested the firefox build on Xenial with FIPS enabled and disabled, it
works as expected.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1843044
Title:
firefox crashes on a FIPS
** Description changed:
[IMPACT]
- firefox is not a FIPS certified library. firefox uses bundled nss and on a
machine running FIPS enabled kernel, nss by default goes into FIPS mode if
/proc/sys/crypto/fips_enabled=1. This is an untested configuration and since
firefox with bundles nss is
debdiff.xenial
** Attachment added: "debdiff.xenial"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/+attachment/5287138/+files/debdiff.xenial
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
debdiff.bionic
** Attachment added: "debdiff.bionic"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/+attachment/5287139/+files/debdiff.bionic
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
debdiff.eoan
** Attachment added: "debdiff.eoan"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/+attachment/5287141/+files/debdiff.eoan
** Description changed:
[IMPACT]
- firefox is not a FIPS certified library. firefox uses bundled nss and on a
machine running FIPS
debdiff.disco
** Attachment added: "debdiff.disco"
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1843044/+attachment/5287140/+files/debdiff.disco
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
The build log and test runs for eoan build is on my test ppa
https://launchpad.net/~vineetha/+archive/ubuntu/firefox-test/+build/17525936
The build log and test runs for disco build is on my test ppa
https://launchpad.net/~vineetha/+archive/ubuntu/firefox-test/+build/17525851
The build log and
Public bug reported:
[IMPACT]
firefox is not a FIPS certified library. firefox uses bundled nss and on a
machine running FIPS enabled kernel, nss by default goes into FIPS mode if
/proc/sys/crypto/fips_enabled=1. This is an untested configuration and since
libnss3 is not a certified library we
36 matches
Mail list logo
