Closed Bug 1355239 Opened 8 years ago Closed 1 year ago

We should attempt to recover from an extension process crash.

Categories

(WebExtensions :: General, enhancement, P3)

Product:
WebExtensions
Component:
General
Type:
enhancement
Points:
8

Tracking

(firefox120 fixed)

Status:
RESOLVED FIXED
Milestone:
120 Branch
Tracking Flags:
Tracking Status
firefox120 --- fixed

People

(Reporter: krupa--use, Assigned: robwu)

References

(Blocks 2 open bugs)

Details

(Whiteboard: triaged, [geckoview:p1] [fission:android])

Attachments

(1 file)

Screenshot of extension crash
138 bytes, text/plain
Details
In https://bugzilla.mozilla.org/show_bug.cgi?id=1353959#c1, we talked about how we currently don't attempt to recover from an extension process crash. This is probably something we should do.
Priority: -- → P2
Whiteboard: triaged
Blocks: webext-oop
Bumping up to a P1, I think we need to talk about what would happen in a crash the side effects and when it would restart.
Priority: P2 → P1
Kris said that we should restart the background page if it crashes. There were concerns about getting into a continual loop on that though, so I'm not sure what options exist for that.
I think the we might be better off disabling/enabling all web extensions upon process crash, so that web extensions don't get into an inconsistent state if they have something akin to a state machine shared between background page and content scripts.
(In reply to Tomislav Jovanovic :zombie from comment #3) > I think the we might be better off disabling/enabling all web extensions > upon process crash, so that web extensions don't get into an inconsistent > state if they have something akin to a state machine shared between > background page and content scripts. A crash induced by one extension should not affect other extensions if possible. If you meant to say that crashing one extension causes the extension to be disabled, then yes, that makes sense. FWIW, when an extension process crashes in Chrome, it is disabled and a desktop notification is shown (which can easily be missed if you don't pay attention). The extension is started again when the user clicks on the notification. What do we want to do here? I'm thinking of trying to restart (up to, say, 2 times (can be controlled through pref)) and otherwise require user interaction to restart (need UI).
A UI needs to be shown for telling the user and also giving the option to submit a crash report. It probably makes sense to seperate that into another bug though.
(In reply to Rob Wu [:robwu] from comment #4) > A crash induced by one extension should not affect other extensions if > possible. All our extensions will run in the same process, so one extension crashing will crash all (active) extensions. > If you meant to say that crashing one extension causes the extension to be > disabled, then yes, that makes sense. With the above in mind, i'm saying we should disable and enable all extensions after the extension process crash.
Priority: P1 → P2
reverting this to p1 for 57 (not blocking 56)
Priority: P2 → P1
This is a P1 bug without an assignee. P1 are bugs which are being worked on for the current release cycle/iteration/sprint. If the bug is not assigned by Monday, 28 August, the bug's priority will be reset to '--'.
Keywords: stale-bug
Keywords: stale-bug
Priority: P1 → P2
Product: Toolkit → WebExtensions

This bug was marked as priority 1 two years ago and there has been no work done on it since.

Priority: P2 → --
Priority: -- → P3

I've been encountering [what I think is] this bug for about a year now.

Occasionally and without any kind of notification or warning, my extensions will simply stop working. Usually I notice this because uBlock and uMatrix stop working and therefore my web browsing becomes littered with ads.

Pop-up menus such as those used in uBlock and uMatrix will simply appear blank, as you can see in my bug report I filed on their Github issues page: https://github.com/uBlockOrigin/uMatrix-issues/issues/231

For me, this bug should be considered absolutely critical, perhaps even classed as a critical security vulnerability.

People like myself rely on extensions to provide security and privacy. Extensions are as much a part of the browser as anything else these days.

To have extensions suddenly stop working without informing the user is a really serious problem because the user might continue working under the assumption that they are secure or their data is being kept private, when in fact their data is being leaked or their browser is being compromised in a way they had previously thought was impossible due to having installed certain extensions.

In my humble opinion there NEEDS to be a notification shown to the user when this happens, and ideally all browser traffic would be cut off immediately so that requests/data which would normally be blocked by an extension could not "leak" out of the browser.

Is there anything that security-conscious users can do right now to mitigate the risks associated with a crash like this?

Flags: needinfo?(mixedpuppy)
See Also: → 1592310

I'll look to see if we have any crash reporting to indicate frequency of problem.

Whiteboard: triaged → triaged, webext?
Blocks: 1631066

The OS kills processes aggressively on Android (without necessarily killing the main process), especially when the app is not on the foreground, so this is a must for us to enable remote extensions. My extensions pretty much stop working daily right now on a high end phone (S10).

Whiteboard: triaged, webext? → triaged, webext?, [geckoview:p1]
Blocks: 1627139
Assignee: nobody → rob
Status: NEW → ASSIGNED
Whiteboard: triaged, webext?, [geckoview:p1] → triaged, [geckoview:p1]
See Also: → 1655916
Flags: needinfo?(mixedpuppy)

Tracking this bug for Android Fission milestone M2 (pass tests with Fission enabled).

Whiteboard: triaged, [geckoview:p1] → triaged, [geckoview:p1] [fission:android:m2]

I filed bug 1678739 to help with exposing the remote type to help with identifying extension process crashes in crash reports.

Depends on: 1678739

IMHO, this should be a P1 as there could be privacy concerns with some extensions not being able to come back up, leaking data all over until the user realizes that the extension is not working.

Extension process doesn't need to block Android Fission.

Whiteboard: triaged, [geckoview:p1] [fission:android:m2] → triaged, [geckoview:p1] [fission:android]
Points: --- → 8
Depends on: 1762225
Severity: normal → S3
Assignee: rob → amejiamarmol
Severity: S3 → --
Priority: P3 → P1
Whiteboard: triaged, [geckoview:p1] [fission:android] → triaged, [geckoview:p1] [fission:android][geckoview:m112]
Assignee: amejiamarmol → rob
Severity: -- → S3
Priority: P1 → P3
See Also: → 1817019
Whiteboard: triaged, [geckoview:p1] [fission:android][geckoview:m112] → triaged, [geckoview:p1] [fission:android]

Looks like this has been fixed.

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox120: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch

aww, it is the end of era. I filed this bug 7 years ago

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: