Closed Bug 1239485 Opened 9 years ago Closed 1 year ago

USER AGENT truncates Firefox version and causes problems

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: rdlymail-moz9bugzilla, Unassigned)

Details

User Agent: "" Build ID: 20160105164030 Steps to reproduce: Use Firefox Profile Manager to create a virgin profile Display 'Help'>'Troubleshooting Information' In the entry for 'User Agent' check the Firefox version shown (last part of UA) Compare this with 'Version' entry, immediately under 'Name' entry. In my case, 'Version' shows 43.0.4 Actual results: Actual result: 'User Agent' shows Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0 That is, the most minor element of the Firefox version is not included. Expected results: Expected result: 'User Agent' shows Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0.4
More Detail: ============ Effect: AMO will not allow me to manually install extensions or their updates shown as applicable to eg Firefox 43.0.3-44.0 Example: Mozilla Firefox hotfix Version 20151231.01 To reproduce: Using Firefox 43.0.4, and default UA Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0 go to the AMO page for Mozilla Firefox hotfix Try to apply Mozilla Firefox hotfix Version 20151231.01 by clicking on the link. Expected result: the hotfix will be installed. Actual result: Click not allowed as that link is disabled and the inappropriate message "Not available for Firefox 43.0" is displayed. Circumvention: I was able to download the .xpi file and install the hotfix 'from file'. I see that Bug 425581 refers to this truncation and was closed 'WONTFIX' for supposed security reasons. However, as shown in the example, this truncation actually causes operational faults in Firefox and, for instance, in the area of hotfixes, those also could include serious security problems.
I am aware that most users allow automatic update of extensions (which might possibly avoid the reported problems) but I don't since I want to control when updates occur and, for instance, ensure I have profile backups beforehand. Thus I monitor and apply product and extension updates manually.
OS: Unspecified → Windows 7
Hardware: Unspecified → x86_64
That UA string is intentional. See https://www.fxsitecompat.com/en-US/docs/2012/ua-string-no-longer-contains-patch-level-version-number/ Changing the product/component for potential AMO issues on detecting the browser version.
Component: Untriaged → Public Pages
Product: Firefox → addons.mozilla.org
Version: 43 Branch → unspecified
(In reply to Kohei Yoshino [:kohei] from comment #3) > That UA string is intentional. See > https://www.fxsitecompat.com/en-US/docs/2012/ua-string-no-longer-contains- > patch-level-version-number/ > > Changing the product/component for potential AMO issues on detecting the > browser version. Thank you for your further bug reference. I was aware that the practice was deliberate and already referred to Bug 425581. Your reference to UA string no longer contains patch level version number | Firefox Site Compatibility https://www.fxsitecompat.com/en-US/docs/2012/ua-string-no-longer-contains-patch-level-version-number/ led me to 728831 – Don't expose the Firefox patch level (13.X.Y) in the UA string, only show the major version (13.X) https://bugzilla.mozilla.org/show_bug.cgi?id=728831 where mention was made of the consequential AMO problem and a lot of further discussion took place, as also in 808979 – Provide about:config choice to allow reversion of Bug 728831 https://bugzilla.mozilla.org/show_bug.cgi?id=808979 I see there is a conflict of valid requirements in this issue. Personally, I can circumvent my problem with AMO by downloading the file and doing a local install. I can actually also use 'User agent Switcher' extension to show what I would expect to be the default (untruncated) in only such situations. That does allow me to obtain a clickable link on AMO. However, I do not feel very happy using either method to actually circumvent/subvert the normal AMO process, which is also designed for safety. I wonder about some secure method whereby a user can actively request an exchange in which the full information is exchanged. By that stage I can also see that anyone who closely controls their own updates may be aware of at least one of the methods I describe and would be told, for economy, to use it. However, if one is to depend on such as those two methods then there should be a way for users to more clearly see, at the time of installation, that hotfixes have been fully, successfully and appropriately applied to their own firefox installations and/or profiles while such information would not be revealed outside firefox itself.
Product: addons.mozilla.org → addons.mozilla.org Graveyard
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.