Update Websense hotfix with maxVersion = 49.*

RESOLVED FIXED

Status

()

Toolkit
Application Update
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Felipe, Assigned: kmag)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments, 1 obsolete attachment)

(Reporter)

Description

2 years ago
According bug 1300523, the hotfix is not being ignored in the compatibility check. If we just republish the current hotfix (bug 1298404) with maxVersion = 49, that should resolve the issue for this one. When Firefox upgrades to 48 or 49, the hotfix will run and immediatelly uninstall itself.
(Reporter)

Comment 1

2 years ago
Created attachment 8789432 [details] [diff] [review]
new version
Attachment #8789432 - Flags: review?(MattN+bmo)
(Reporter)

Comment 2

2 years ago
Created attachment 8789435 [details] [diff] [review]
updated README
Attachment #8789432 - Attachment is obsolete: true
Attachment #8789432 - Flags: review?(MattN+bmo)
Attachment #8789435 - Flags: review?(MattN+bmo)
(Reporter)

Comment 3

2 years ago
Created attachment 8789437 [details]
hotfix-v20160826.02.xpi unsigned

Jason, could you sign this one for us?
Attachment #8789437 - Flags: feedback?(jthomas)

Updated

2 years ago
Attachment #8789437 - Flags: feedback?(jthomas) → feedback+
Created attachment 8789441 [details]
hotfix-v20160826.02.xpi signed
(Assignee)

Comment 5

2 years ago
Is there a particular reason you can't just change the compatibility range on AMO?
Flags: needinfo?(felipc)
(Reporter)

Comment 6

2 years ago
I don't know how that works. Will that info going to propagate to the existing installs?
Flags: needinfo?(felipc)
(Assignee)

Comment 7

2 years ago
Yes, the compatibility information comes from the same update manifest that's used to deploy new versions, so it should have exactly the same effect.
(Reporter)

Comment 8

2 years ago
Alright, that sounds simpler. Could you do that for us?
Assignee: felipc → kmaglione+bmo
Summary: Redeploy Websense hotfix with maxVersion = 49 → Update Websense hotfix with maxVersion = 49.*
(Assignee)

Comment 9

2 years ago
Done.
I would be in favor of actually finding and fixing the issue instead of working around it.
This basically causes the add-on to be installed and uninstalled over and over again.
(Assignee)

Comment 11

2 years ago
(In reply to Andreas Wagner [:TheOne] from comment #10)
> I would be in favor of actually finding and fixing the issue instead of
> working around it.
> This basically causes the add-on to be installed and uninstalled over and
> over again.

No it doesn't. Hotfixes have special handling so that a given version is only ever installed once.

This should definitely be fixed in Firefox so that it doesn't happen again in the future, but there's no way we're going to be able to fix it in 48 or 49.
(Reporter)

Updated

2 years ago
Attachment #8789435 - Flags: review?(MattN+bmo)
(Reporter)

Comment 12

2 years ago
It would be nice if someone could verify this:

- Launch a fresh profile with Firefox 47
- Force add-on background update check to get the hotfix
- Check that the hotfix installed and added "(nowebsense)" to the app.update.url pref
- Check Firefox for updates and accept Firefox 48
- Check that Add-on Compatibility Dialog doesn't show up when launching Firefox after it updated to 48
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(andrei.vaida)
Resolution: --- → FIXED
(Reporter)

Comment 13

2 years ago
(This test only makes sense on Windows)
(In reply to :Felipe Gomes (needinfo me!) from comment #12)
> It would be nice if someone could verify this:
> 
> - Launch a fresh profile with Firefox 47
> - Force add-on background update check to get the hotfix
> - Check that the hotfix installed and added "(nowebsense)" to the
> app.update.url pref
> - Check Firefox for updates and accept Firefox 48
> - Check that Add-on Compatibility Dialog doesn't show up when launching
> Firefox after it updated to 48
The last step should be check that app update doesn't display to the user that the add-on is not compatible with the update.
(In reply to Robert Strong [:rstrong] (use needinfo to contact me) from comment #14)
> (In reply to :Felipe Gomes (needinfo me!) from comment #12)
> > It would be nice if someone could verify this:
> > 
> > - Launch a fresh profile with Firefox 47
> > - Force add-on background update check to get the hotfix
> > - Check that the hotfix installed and added "(nowebsense)" to the
> > app.update.url pref
> > - Check Firefox for updates and accept Firefox 48
> > - Check that Add-on Compatibility Dialog doesn't show up when launching
> > Firefox after it updated to 48
> The last step should be check that app update doesn't display to the user
> that the add-on is not compatible with the update.
This happens before the restart. The one that happens after restart is the add-ons manager compatibility dialog and can display for several different reasons other than this.
I have verified the request from Comment #12 using the provided STR. 

The hotfix is installed (checked in about:config for app.update.url and (nowebsense) string is present) and Firefox updated to 48.0.2. 

The Add-on Compatibility Dialog does show up but there is no error and it goes away after the check. 

Please ni? me if we can help in any other way.
Flags: needinfo?(andrei.vaida)
(Reporter)

Comment 17

2 years ago
Do you mean it shows up briefly and doesn't report any incompatibility? Or does it show the Hotfix as requiring a check, like the screenshot in this report here: https://twitter.com/shinax/status/773580772733227008
Flags: needinfo?(alexandru.simonca)
It showed up briefly and didn't report anything. It just went away by itself.
Flags: needinfo?(alexandru.simonca)

Comment 19

2 years ago
Hello all, thank you for your efforts to collaborate. I want to provide information for direct contact regarding all product security issues in all Forcepoint products and services:

I am a founding member of the Forcepoint Global Product Security Incident Response Team (PSIRT).

(Forcepoint is the synthesis of Raytheon Cyber Products, Websense, Trusted Computer Solutions, Oakley Networks, Visual Analytics, Stonesoft, Sidewinder, and others)

If you ever need to report a product security vulnerability, contact PSIRT@forcepoint.com. PGP Key: https://www.forcepoint.com/innovation/product-security/product-security-report-issue
You need to log in before you can comment on or make changes to this bug.