Open
Bug 1086278
Opened 10 years ago
Updated 2 years ago
Windows/Mac firewall dialog pops up on startup
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
People
(Reporter: emk, Unassigned)
References
Details
Steps to reproduce:
1. Make sure rules for Firefox/Nightly/Aurora are not present in Windows Firewall.
(Once Windows Firewall dialog pops up, the rule will be automatically added. So make sure rules are not present everytime.)
2. Launch Firefox.
Actual result:
Windows Firewall dialog pops up.
Expected result:
No dialog should be displayed.
Works https://hg.mozilla.org/releases/mozilla-aurora/rev/9d90f44e6585
Fails https://hg.mozilla.org/releases/mozilla-aurora/rev/ed68a14922fe
Suspected: Bug 1054959 - Add 'Send Video To Device' to the context menu for sending videos from desktop to a second screen
Reporter | ||
Comment 1•10 years ago
|
||
Looks like listening udp socket in SimpleServiceDiscovery.jsm causes the Windows Firewall popup.
Comment 3•10 years ago
|
||
[Tracking Requested - why for this release]:
status-firefox35:
--- → affected
status-firefox36:
--- → affected
tracking-firefox35:
--- → ?
tracking-firefox36:
--- → ?
Comment 4•10 years ago
|
||
Not sure there's a great way around this. Maybe we could get MS to whitelist us somehow (do they do that already)?
Reporter | ||
Comment 5•10 years ago
|
||
We can add ourselves to whitelist. Windows Firewall has an API to configure the rules.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365260%28v=vs.85%29.aspx
Another idea is using Function discovery API instead of speaking SSDP directly.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870632%28v=vs.85%29.aspx
Comment 6•10 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #5)
> We can add ourselves to whitelist. Windows Firewall has an API to configure
> the rules.
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa365260%28v=vs.
> 85%29.aspx
Interesting. I assume the installer would need to do that.
> Another idea is using Function discovery API instead of speaking SSDP
> directly.
> http://msdn.microsoft.com/en-us/library/windows/desktop/bb870632%28v=vs.
> 85%29.aspx
Interesting idea. Can you file a SimpleServiceDiscovery.jsm bug in Toolkit::General to investigate that?
Comment 7•10 years ago
|
||
FWIW, I see a similar popup on Mac as well (not sure whether I'm using the default firewall settings, probably not):
https://cloudup.com/cRNGwMk1GUN
OS: Windows 8.1 → All
Hardware: x86_64 → All
Summary: Windows Firewall dialog pops up on startup → Windows/Mac firewall dialog pops up on startup
Comment 8•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #7)
> FWIW, I see a similar popup on Mac as well (not sure whether I'm using the
> default firewall settings, probably not)
Probably, I don't see it.
Reporter | ||
Comment 9•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #6)
> (In reply to Masatoshi Kimura [:emk] from comment #5)
> > We can add ourselves to whitelist. Windows Firewall has an API to configure
> > the rules.
> > http://msdn.microsoft.com/en-us/library/windows/desktop/aa365260%28v=vs.
> > 85%29.aspx
>
> Interesting. I assume the installer would need to do that.
Yes, we need Administrator privileges to enable listening on SSDP multicast address/port.
But even if we have no privileges, we can add a disabled rule to prevent Windows Firewall dialog from disturbing users.
> > Another idea is using Function discovery API instead of speaking SSDP
> > directly.
> > http://msdn.microsoft.com/en-us/library/windows/desktop/bb870632%28v=vs.
> > 85%29.aspx
>
> Interesting idea. Can you file a SimpleServiceDiscovery.jsm bug in
> Toolkit::General to investigate that?
Filed bug 1087793, but I can't promise I can work on this.
Comment 10•10 years ago
|
||
Bug 1054959 was backed out of Firefox 35.
Comment 11•10 years ago
|
||
Gavin, is there any plan for this bug or should we do the same as in 35?
Flags: needinfo?(gavin.sharp)
Comment 12•10 years ago
|
||
I'm not sure whether anyone is counting on shipping bug 1054959 in Firefox 36.
Bug 1090535 addresses this on Windows, but only for new users.
It's not at all clear the scope of the impact of this is on Windows. Comment 0 suggests this only appears once, which doesn't sound so bad.
Flags: needinfo?(gavin.sharp)
Comment 13•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #12)
> I'm not sure whether anyone is counting on shipping bug 1054959 in Firefox
> 36.
>
> Bug 1090535 addresses this on Windows, but only for new users.
It also does this on Windows on update.
Comment 14•10 years ago
|
||
Note: on install and on update require the user to elevate or to be updating via the service to add it.
Comment 15•10 years ago
|
||
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #13)
> It also does this on Windows on update.
Oh, good - didn't realize that. Makes me feel much better about this bug.
Comment 16•10 years ago
|
||
This makes running tests locally a Firefox while developing a huge pain: every test run you have to dismiss the firewall dialog....
Comment 17•10 years ago
|
||
Er, "running tests locally in Firefox"
Comment 18•10 years ago
|
||
(In reply to Boris Zbarsky [:bz] from comment #16)
> This makes running tests locally a Firefox while developing a huge pain:
> every test run you have to dismiss the firewall dialog....
Also, this has been true for ssltunnel.exe requesting a Firewall exception for a long time.
This bug is specifically about users seeing the Firewall exception request which can be handled during installation. For dev environments the components requesting the exception (e.g. ssltunnel.exe, send video code, dev tools code, etc.) would need to handle this somehow since there is no installation occurring.
Comment 19•10 years ago
|
||
(In reply to :Gavin Sharp [email: gavin@gavinsharp.com] from comment #12)
> I'm not sure whether anyone is counting on shipping bug 1054959 in Firefox
> 36.
OK. I am going to wontfix it for 36 (and tracking it for 37).
Thanks
Comment 20•10 years ago
|
||
The windows portion of this bug was fixed by bug 1090535, and the Mac portion does not affect release builds (presumably because they are signed), so no need to track this.
Comment 21•10 years ago
|
||
I really hope there is a fix for this soon as we will be unable to release 36.0 to our client systems if users are prompted to poke holes in the firewall. Poking holes requires admin rights in Windows systems and we really just do not want to flood our service desks for what should be a basic browser update. Not only is the experience frustrating for our front line staff, but also confusing to our end users.
Thanks.
Comment 22•10 years ago
|
||
Users can install Firefox without Admin privileges (on both Mac and Windows). This is nice as then the Mozilla updating service doesn't get installed and the user can easily update their own copy. Very useful on a personal machine that is set up properly (with a completely separate admin account). Unfortunately, these people will get the pesky dialogue (unless they have disabled the firewall from notifying them).
Whatever feature is asking to bind to a port should be made an optional setting with the default setting of off - and a warning that you will need to add a firewall rule if you turn it on to use it properly (and what that rule should look like - as they may have to put a rule on their Cable/DSL router as well).
Comment 23•10 years ago
|
||
For those following along, there is additional discussion about v36 on Windows over in bug 1136772.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•