Ubuntu
firefox package

Java applet unable to load

Bug #553452 reported by Christopher
52
This bug affects 10 people
Affects Status Importance Assigned to Milestone
Iced Tea
New
Undecided
Unassigned
OpenJDK
New
Undecided
Unassigned
firefox (Ubuntu)
Confirmed
Undecided
Unassigned
openjdk-6 (Ubuntu)
Incomplete
Undecided
Unassigned

Bug Description

Binary package hint: firefox

The Java issue is getting worse in FF 3.6.2. I have been having trouble logging in to the Canada Revenue Agency 'My Account' since the release of 3.6. I had been getting in partway then the screen jumped a bit and I was returned to the Login page. Now the site returns the Summary message.

There is no issue at all in Karmic with FF 3.5.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: firefox 3.6.2+nobinonly-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-18.27-generic 2.6.32.10+drm33.1
Uname: Linux 2.6.32-18-generic i686
Architecture: i386
Date: Thu Apr 1 13:46:19 2010
FirefoxPackages:
 firefox 3.6.2+nobinonly-0ubuntu1
 firefox-gnome-support 3.6.2+nobinonly-0ubuntu1
 firefox-branding 3.6.2+nobinonly-0ubuntu1
 abroswer N/A
 abrowser-branding N/A
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha i386 (20091225)
ProcEnviron:
 LANG=en_CA.utf8
 SHELL=/bin/bash
SourcePackage: firefox

Related branches

lp:ubuntu/natty/openjdk-6
Revision history for this message
Christopher (soft-kristal) wrote :
Alex Mayorga (alex-mayorga)
Changed in firefox (Ubuntu):
assignee: nobody → Alex Mayorga Adame (alex-mayorga)
Revision history for this message
Alex Mayorga (alex-mayorga) wrote :
Download full text (5.5 KiB)

Christopher,

Can you try running firefox from a terminal and see if you get something like this on the terminal while running the applet?

java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8pre) (6b18~pre3-0ubuntu1)
OpenJDK 64-Bit Server VM (build 16.0-b13, mixed mode)
Looking for 0x7f0160ca84d8 0x7f0160c06300 0x7f017294c8a4 (document)
java.security.ProviderException: Could not initialize NSS
 at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
 at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
 at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
 at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
 at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
 at sun.security.jca.ProviderList.getService(ProviderList.java:330)
 at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
 at java.security.Security.getImpl(Security.java:696)
 at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
 at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
 at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
 at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
 at sun.security.x509.X509Key.parse(X509Key.java:168)
 at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
 at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
 at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
 at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
 at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
 at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
 at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
 at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
 at java.security.KeyStore.load(KeyStore.java:1201)
 at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
 at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
 at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:247)
 at net.sourceforge.jnlp.security.VariableX509TrustManager.<init>(VariableX509TrustManager.java:100)
 at net.sourceforge.jnlp.security.VariableX509TrustManager.getInstance(VariableX509TrustManager.java:282)
 at sun.applet.PluginMain.init(PluginMain.java:217)
 at sun.applet.PluginMain.<init>(PluginMain.java:147)
 at sun.applet.PluginMain.main(PluginMain.java:116)
Caused by: java.io.IOException: /usr/lib/firefox-3.6/...

Read more...

Changed in firefox (Ubuntu):
status: New → Incomplete
Revision history for this message
Christopher (soft-kristal) wrote :

Running Firefox from either a terminal or Alt+F2 'run in terminal' just launches the browser, unless I need to add something after 'firefox' in the terminal. I waited, but nothing appeared in the terminal window, and closing it just closes Firefox.

I am attaching my about:plugins file, if that helps.

Revision history for this message
Alex Mayorga (alex-mayorga) wrote :

Christopher,

I meant to launch firefox from the terminal and then browse to the non-working applet. I've been getting the stack trace I put when I go to http://www.javatester.org/version.html for example.

Alex Mayorga (alex-mayorga)
Changed in firefox (Ubuntu):
assignee: Alex Mayorga Adame (alex-mayorga) → nobody
Revision history for this message
Christopher (soft-kristal) wrote :

http://www.javatester.org/version.html reports that Java 1.6.0_18 is installed, but the Canada Revenue Agency My Account (https://blrscr3.egs-seg.gc.ca/gol-ged/gov/browserdetection/BrowserCheck.html) does load the applet. The message returned is:

A problem has occurred.
BRS010:
Java applet unable to load

The issue of Java continuing to run and consume the processor after the window has been closed is a Java issue, as I recall it being a problem with both Firefox and IE in my Windows days.

It still works fine in Karmic, as of Saturday.

Revision history for this message
John Markh (dragonsol) wrote :

Confirm that this bug affects me too.
The applet does not load on the Canada Revenue Agency website when it is working perfectly under Karmic.

Revision history for this message
John Markh (dragonsol) wrote :
affects: openjdk → icedtea
Revision history for this message
Yann Rouillard (yann-pleiades) wrote :

Could it be similar to the problem described here: http://permalink.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8883 ?

Revision history for this message
Paul Donohue (s-launchpad-paulsd-com) wrote :
Download full text (4.6 KiB)

I'm not entirely sure if it's the same problem, but I'm having a similar problem.

I use a Java Web Start app which downloads its jar file via https.

The app works fine in FF3.5.8.

However, when attempting to run the app from FF3.6.3, I get the following:
test@test-desktop:~$ firefox
java.security.ProviderException: Could not initialize NSS
                at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
                at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
                at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
                at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
                at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
                at java.security.AccessController.doPrivileged(Native Method)
                at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
                at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
                at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
                at sun.security.jca.ProviderList.getService(ProviderList.java:330)
                at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
                at java.security.Security.getImpl(Security.java:696)
                at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
                at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
                at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
                at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
                at sun.security.x509.X509Key.parse(X509Key.java:168)
                at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
                at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
                at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
                at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
                at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
                at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
                at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
                at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
                at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
                at java.security.KeyStore.load(KeyStore.java:1201)
                at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
                at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
                at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory...

Read more...

Revision history for this message
Paul Donohue (s-launchpad-paulsd-com) wrote :

BTW, is there a reason FF is using it's own libnss3.so instead of using the standard library from the libnss3-1d package?

Revision history for this message
Paul Donohue (s-launchpad-paulsd-com) wrote :

Interestingly, removing /usr/lib/firefox-3.6.3/libnss3.so, then running ldconfig, then trying it again (to force firefox to use the system libnss3.so) does NOT fix the problem.

Revision history for this message
Christopher (soft-kristal) wrote :

Today's FF and Java updates just regressed to my original problem with the Canada Revenue Agency 'My Account' area. The applet loads, I enter my username and password, then the display jumps a bit and I'm back to the login page again. I haven't been able to access this website since FF 3.6 was released.

Revision history for this message
LRD (lrd) wrote :

I hope this is helpful to someone. Please note: I use Ubuntu64
I had the same problem. FF 3.5.9 resulting in "Java applet unable to load" when accessing CRA's Account page.
I found that FF 3.6 has replaced IceTea with SunJava6 plugin:
https://help.ubuntu.com/community/AMD64/FirefoxAndPlugins#java
I followed the instruction for FF3.6, replaced IceTea with SunJava6 and success - I can now access CRA Account page without any problems.
Cheers.

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100402 Ubuntu/9.10 (karmic) Firefox/3.5.9

Revision history for this message
Christopher (soft-kristal) wrote :

Thanks - I'm using a 32 bit Intel and it worked like a charm: I can connect to CRA My Account and Java closes gracefully after logging out of My Account.

I already had sun-java6-plugin, and used Synaptics to 'completely remove' the icedtea plugin.

Revision history for this message
Christopher (soft-kristal) wrote :

The bug has returned in Maverick. Today's updated installed the icedtea plugin and removed my sun-java6-plugin. Worse, the sun-java6-plugin is no longer available.

The old problem with the Canada Revenue Agency has returned. Please note that this is is the one thing that will cause me to abandon Ubuntu, as I'm an Efiler and MUST have access to the MyAccount section of the CRA website.

Revision history for this message
Paul Donohue (s-launchpad-paulsd-com) wrote :

I'm using the openjdk and icedtea packages from Maverick on a Lucid box, and it works fine for me.

I was actually having problems with Java applets (but not Java WebStart applications) running at 100% CPU (even though they were responsive and apparently working properly) on Lucid, and that problem has been fixed with these packages from Maverick.

Were the openjdk/icedtea package updates the only thing that changed for you between when it last worked and now?

Revision history for this message
Christopher (soft-kristal) wrote :

Most sites are fine - Sun itself shows the plugin as installed and yes, the CPU overuse problem isn't there anymore.

The problem - and it's a huge one for me is the Canada Revenue Agency website's My Account section. I would really appreciate being able to revert to the sun-java6-plugin until this issue is resolved.

The current problem is identical to my reply #12, 2010-04-15 on this page.

Revision history for this message
Paul Donohue (s-launchpad-paulsd-com) wrote :
Download full text (3.3 KiB)

Ok, so you are seeing something different than I was originally seeing.
My applets originally wouldn't load at all (due to the libnss exception I mentioned above) ... you are saying that your applet would load but just not work properly.

I don't have an account that I can use to log into the Canada Revenue Agency's site. However, when I run firefox from a terminal and go to the link you mentioned above (https://blrscr3.egs-seg.gc.ca/gol-ged/gov/browserdetection/BrowserCheck.html), I do see a bunch of output in the console:

java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9pre) (6b20~pre1-0ubuntu2)
OpenJDK 64-Bit Server VM (build 17.0-b16, mixed mode)
[EntrustTruePassApplet/8.0 SP2] [DEBUG] CharacterEncoding=UTF8
[EntrustTruePassApplet/8.0 SP2] [DEBUG] LargeFileUploadChunkSize=8192
[EntrustTruePassApplet/8.0 SP2] [DEBUG] ForceKeyUpdate=0
[EntrustTruePassApplet/8.0 SP2] [DEBUG] KeyRolloverPercentage=42
[EntrustTruePassApplet/8.0 SP2] [DEBUG] PreserveClientApiFrame=ON
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ProxyTransactionBadInputWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ChangePasswordHistoryErrorWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Initialized
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Roaming EPF applet started
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Stopped
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Destroyed
[EntrustTruePassApplet/8.0 SP2] [DEBUG] CharacterEncoding=UTF8
[EntrustTruePassApplet/8.0 SP2] [DEBUG] LargeFileUploadChunkSize=8192
[EntrustTruePassApplet/8.0 SP2] [DEBUG] ForceKeyUpdate=0
[EntrustTruePassApplet/8.0 SP2] [DEBUG] KeyRolloverPercentage=42
[EntrustTruePassApplet/8.0 SP2] [DEBUG] PreserveClientApiFrame=ON
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ProxyTransactionBadInputWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ChangePasswordHistoryErrorWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Initialized
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Roaming EPF applet started
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Stopped
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Destroyed
[EntrustProfileApplet/8.0 SP1] [INFORMATIONAL] Initialized
[EntrustProfileApplet/8.0 SP1] [INFORMATIONAL] Roaming EPF applet started
[EntrustProfileApplet/8.0 SP1] [INFORMATIONAL] Stopped
[EntrustProfileApplet/8.0 SP1] [INFORMATIONAL] Destroyed
[EntrustTruePassApplet/8.0 SP2] [DEBUG] CharacterEncoding=UTF8
[EntrustTruePassApplet/8.0 SP2] [DEBUG] LargeFileUploadChunkSize=8192
[EntrustTruePassApplet/8.0 SP2] [DEBUG] ForceKeyUpdate=0
[EntrustTruePassApplet/8.0 SP2] [DEBUG] KeyRolloverPercentage=42
[EntrustTruePassApplet/8.0 SP2] [DEBUG] PreserveClientApiFrame=ON
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ProxyTransactionBadInputWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [WARNING] Applet parameter ChangePasswordHistoryErrorWebPageUrl has not been set.
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Initialized
[EntrustTruePassApplet/8.0 SP2] [INFORMATIONAL] Roaming EPF applet started

You...

Read more...

Revision history for this message
Christopher (soft-kristal) wrote :

I've already re-installed sun-java6-plugin, as I don't have the time at present to figure it out. Perhaps Richard Seguin could get an Epass, him being a local and have his far greater expertise than mine diagnose the problem.

For other such GUI types as myself, please put the sun plugin back in the software repositories until icedtea is fixed.

Revision history for this message
Christopher (soft-kristal) wrote :

I just updated my Lucid partition and let the icedtea plugin and openjdk install for test purposes. Surprisingly, it is able to load and run My Account on the Canada Revenue Agency website quickly and without consuming much in the way of CPU resources.

I wouldn't know where to begin to figure out the difference between the effectiveness of icedtea on Lucid compared to Maverick.

As I have my working partition (Lucid) running icedtea, I'll re-install it on my Maverick to hopefully find where it fails.

Revision history for this message
Christopher (soft-kristal) wrote :

After re-installing the idedtea plugin on Maverick, these are the significant errors on the Canada Revenue Agency website reported in the console:

Error: uncaught exception: [Exception... "'[JavaScript Error: "win.document.getElementById(cs_id) is null" {file: "chrome://cachestatus/content/cachestatus.js" line: 94}]' when calling method: [nsICacheVisitor::visitDevice]" nsresult: "0x80570021 (NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS)" location: "JS frame :: chrome://cachestatus/content/cachestatus.js :: update_cache_status :: line 112" data: yes]

(this error repeated 6 times)

Warning: Unknown property 'behavior'. Declaration dropped.
Source File: https://blrscr3.egs-seg.gc.ca/gol-ged/gov/EntrustTruePassApplet.html
Line: 0

blrscr3.egs-seg.gc.ca : potentially vulnerable to CVE-2009-3555

Revision history for this message
Fabián Rodríguez (magicfab) wrote :

FWIW, from http://www.cra-arc.gc.ca/epass-services/:
"On October 4, 2010, the Canada Revenue Agency (CRA) will be replacing the existing Government of Canada epass system with a new CRA user ID and password service. The CRA will transition the My Account, My Business Account and Represent a Client online services to a new system that will continue to provide secure authentication. "

I imagine this won't use Java anymore. Can someone confirm ?

If I understand correctly using Sun's Java works ?

Revision history for this message
Colan Schwartz (colan) wrote :

I can confirm that LRD's comment in #13 fixes it. Ubuntu needs to be told to use the Sun version. I'm not sure if there would still be licensing issues with making this the default.

Changed in firefox (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Micah Gersten (micahg) wrote :

Is this still occurring with the latest openjdk updates in maverick? Version 6b20-1.9 was recently pushed.

affects: sun-java6 (Ubuntu) → openjdk-6 (Ubuntu)
Changed in openjdk-6 (Ubuntu):
status: New → Incomplete
Revision history for this message
Ximin Luo (infinity0) wrote :

does this fix things?

http://www.unnaki.com/2011/07/libnss3-so-error-on-debian-wheezy/

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.