Closed Bug 1294395 Opened 4 years ago Closed 4 years ago

[Out Of Date Notification] Notification bar is displayed for Tor Browser

Categories

(Firefox :: General, defect)

45 Branch
defect
Not set

Tracking

()

VERIFIED FIXED

People

(Reporter: gk, Unassigned)

References

Details

(Whiteboard: [tor 19890])

Attachments

(1 file)

As mentioned on IRC (#releng) it turns out that the out of date notification is displayed to Tor Browser users as well (and not only to Firefox 44.* ones). The reason is probably that we send a version like 6.0.3 back and the server side thinks "Ha, that's far too old, you get the out-of-date-extension). While we are working on getting a new release out that fixes this on our side would it be possible to tweak the server side rules in a way that would exempt Tor Browser users from getting the new system addon?
Attached file tor 6.0.3 - FF44.0.2
Attaching the browser console logs for TOR 6.0.3 and FF 44.0.2 on system add-on update check. (I've isolated just the relevant part in my opinion at least)
This is happening because there's nothing in the TOR Browser update URL that makes it different than regular Firefox. Eg, the update URL used is:
https://aus5.mozilla.org/update/3/SystemAddons/44.0.2/20160210153822/Linux_x86-gcc3/en-US/release/Linux%203.13.0-68-generic%20(GTK%203.10.8)/default/default/update.xml

Which is more or less the same as a regular Firefox System Addon update URL.

We specifically excluded distribution builds from receiving this System Addon by locking it to the "default" distribution, which is the first "default" in the above update URL. I don't think there's anything we can do about this, but it would be a good idea to have the TOR Browser start identifying itself as a distribution to avoid problems like this in the future.
(In reply to Ben Hearsum (:bhearsum) from comment #2)
> This is happening because there's nothing in the TOR Browser update URL that
> makes it different than regular Firefox. Eg, the update URL used is:
> https://aus5.mozilla.org/update/3/SystemAddons/44.0.2/20160210153822/
> Linux_x86-gcc3/en-US/release/Linux%203.13.0-68-generic%20(GTK%203.10.8)/
> default/default/update.xml
> 
> Which is more or less the same as a regular Firefox System Addon update URL.
> 
> We specifically excluded distribution builds from receiving this System
> Addon by locking it to the "default" distribution, which is the first
> "default" in the above update URL. I don't think there's anything we can do
> about this, but it would be a good idea to have the TOR Browser start
> identifying itself as a distribution to avoid problems like this in the
> future.

We talked about this on IRC a bit more. First off, I misread the attached log, and thought the second update URL was from TOR Browser. Turns out it only sends  https://aus5.mozilla.org/update/3/SystemAddons/6.0.3/20000101000000/Linux_x86-gcc3/en-US/release/Linux%203.13.0-68-generic%20(GTK%203.10.8%2Clibpulse%204.0.0)/default/default/update.xml, which is easily identifiable. I added a new rule in Balrog to match product SystemAddons, version <44.0, and serve it no update. This matches the behaviour for <44.0 prior to shipping the outofdate notification addon.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
I verified that TOR will not get the OutOfDate notification anymore. (unfortunately i uninstalled it before the fix, so I couldn't check if it gets removed, but my two cents are that it will be removed when the next system add-on check will be performed).

Ben, as I don't know the inner workings of the delivery system (Balrog), do you think I should check FF versions or maybe other FF based distributions? I didn't catch the reason which caused Tor to be affected by the OutOfDate Notification.
Flags: needinfo?(bhearsum)
(In reply to Adrian Florinescu [:AdrianSV] from comment #4)
> I verified that TOR will not get the OutOfDate notification anymore.
> (unfortunately i uninstalled it before the fix, so I couldn't check if it
> gets removed, but my two cents are that it will be removed when the next
> system add-on check will be performed).
> 
> Ben, as I don't know the inner workings of the delivery system (Balrog), do
> you think I should check FF versions or maybe other FF based distributions?
> I didn't catch the reason which caused Tor to be affected by the OutOfDate
> Notification.

I don't think any additional checking is necessary. TOR Browser doesn't behave like our distribution builds, which we explicitly blocked from receiving this addon (and verified it prior to shipping). This is quite a special case.
Flags: needinfo?(bhearsum)
Based on comment5 and irc chat with Stephen I think I can mark this bug as verified fixed.
Status: RESOLVED → VERIFIED
Whiteboard: [tor 19890]
You need to log in before you can comment on or make changes to this bug.