[Bug 1837734] [NEW] firefox crash on a FIPS enabled machine due to libnss3
Vineetha Kamath
1837734 at bugs.launchpad.net
Wed Jul 24 13:41:50 UTC 2019
Public bug reported:
[IMPACT]
nss is not a FIPS certified library. On a machine running FIPS enabled kernel, the library by default goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. This is an untested configuration and since libnss3 is not a certified library we propose disabling reading the 'fips_enabled' flag and therefore switching the library automatically into FIPS mode. A FIPS customer reported firefox crash on a FIPS enabled system and strace showed it was repeatedly trying to read the fips_enabled flag from libnss3 before crashing.
The proposed patch disables reading the /proc/sys/crypto/fips_enabled
flag. The users of the library however can force nss into FIPS mode via
an environment variable. We plan to leave it as is so as not to regress
existing users who may be using it.
The issue impacts libnss3 versions in eoan, disco, bionic and xenial.
lsb_release -rd
Description: Ubuntu Eoan Ermine (development branch)
Release: 19.10
** Affects: nss (Ubuntu)
Importance: High
Assignee: Vineetha Kamath (vineetha)
Status: New
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1837734
Title:
firefox crash on a FIPS enabled machine due to libnss3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1837734/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list