Public bug reported: Binary package hint: firefox
The latest security update for Firefox for Ubuntu Dapper (6.06), version 1.5.dfsg+1.5.0.9-0ubuntu0.6.06, now causes Firefox to crash repeatedly when using a saved password field on a Mailman admin login screen. This did not happen with the previous version (1.5.dfsg+1.5.0.8-0ubuntu0.6.06) or any previous version that I can recall. Other forms with saved passwords may also be affected (I initially thought that it was all saved forms, but it seems the one for launchpad.net isn't affected -- curious). Ubuntu Version: Dapper Drake (6.06) Firefox Version: 1.5.dfsg+1.5.0.9-0ubuntu0.6.06, Reproducable: always How to reproduce: 1. Stop Firefox 2. Remove ~/.mozilla/firefox/PROFILE/signons.txt 3. Start Firefox 4. Go to http://somelistserver/mailman/admindb/mailman 5. Log in 6. Choose to allow Firefox to save the password 7. Observe Firefox crashes 8. Restart Firefox 9. Go back to http://somelistserver/mailman/admindb/mailman 10. Observe Firefox crashes again without displaying the page 11. Go back to step 2 and repeat. 12. Go back to step 2 and repeat choosing NOT to save the password at step 6 and observe Firefox doesn't crash Desired behaviour: As per previous version, should fill in saved password for the form and not crash. Other notes: It doesn't appear necessary for the password to actually be correct; just that it be saved. The crash on visiting the page with a saved password appears to happen aroun the time that the saved password might be pre-filled. Completely removing the saved passwords and starting again doesn't seem to help; as soon as the password is saved the problem reappears. Removing the firefox profile and starting again also doesn't seem to help; again as soon as the password is saved the problem reappears. The only thing I can see which is noticably different between the Mailman login page and, eg, the launchpad.net login page, in terms of saved passwords, is that the Mailman page is password-only, whereas the launchpad.net has an email address as well as the password. Possibly the bug is somehow related to the form being password-only. This behaviour is new with the security update for Ubuntu Dapper which came out this morning. I've used the saved password feature with many previous versions of Firefox without any problems. Knowing the issues which have been reported with Firefox recently, including a password stealing attack, I'd guess that there is a bug in the "fix" chosen to try to defeat that password stealing attack. Finally, for what little it seems to be worth, a backtrace of the coredump: [EMAIL PROTECTED]:/var/tmp$ gdb /usr/lib/firefox/firefox-bin core.10049 GNU gdb 6.4-debian Copyright 2005 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu"...(no debugging symbols found) Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". (no debugging symbols found) Core was generated by `/usr/lib/firefox/firefox-bin -a firefox'. Program terminated with signal 11, Segmentation fault. [....] #0 0xffffe410 in __kernel_vsyscall () (gdb) bt #0 0xffffe410 in __kernel_vsyscall () #1 0xb7e56790 in raise () from /lib/tls/i686/cmov/libpthread.so.0 #2 0x08055e0b in ?? () #3 0x0000000b in ?? () #4 0xbfaf0e8c in ?? () #5 0x00000000 in ?? () (gdb) Ewen ** Affects: firefox (Ubuntu) Importance: Undecided Status: Unconfirmed -- Firefox: saved passwords causes crash with Mailman admin page https://launchpad.net/bugs/77859 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
