User can update without having write access




Application Update
a year ago
11 months ago


(Reporter: Fred Ziems, Unassigned)


51 Branch

Firefox Tracking Flags

(Not tracked)




a year ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Logged into a workstation as a standard user (WIN10N workstation), started FF, went to Help, About, checked for updates. Started downloading the update to 52, then said it was installing, then said to restart the browser; restarted, checked version was now at 52.

Actual results:

Checked the Program Files (x86) Mozilla Firefox folder; the firefox.exe file was updated, plus several other files. I checked the security on the folder and the files, and the only ID with write access to the file is the administrators. I checked the details on the file, and the name in the details was the standard user name.

Expected results:

The user should have been asked for the administrator ID and PASSWORD! How did this happen!

Comment 1

a year ago
I suspect this is the maintenance service in action ( ), but I'll let :rstrong and/or you (the reporter) confirm.
Group: firefox-core-security → toolkit-core-security
Component: Untriaged → Application Update
Flags: needinfo?(robert.strong.bugs)
Flags: needinfo?(fziems)
Product: Firefox → Toolkit

Comment 2

That is most likely the Mozilla Maintenance Service performing the update.

Please check if it is listed in "Programs and Features" under Control Panel.
Flags: needinfo?(robert.strong.bugs)

Comment 3

Triage group consensus: appears to be working as designed, so opening access.
Group: toolkit-core-security

Comment 4

No response to comment #2. Resolving incomplete.
Last Resolved: 11 months ago
Flags: needinfo?(fziems)
Resolution: --- → INCOMPLETE