User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170323105023 Steps to reproduce: 1. Set up a Windows PC or VM with at least one limited user account, with UAC enabled. 2. Log into Windows with the limited user account. 3. Install Firefox standalone from Firefox all download page on a limited user account. 4. Firefox installer will prompt for administrator user account credential. Fill the credential to allow the installer to continue. 5. Follow necessary steps until installer finish dialog appeared. Leave the checkbox for "Launch Firefox now" checked. 6. Notice that Firefox process will be launched with administrator privilege, inherited from administrator user account used during installation. Please note that this problem also occurs on Thunderbird and SeaMonkey, since they use the same installer component. Actual results: Firefox will be launched with administrator user account, which has very high privilege inherited from administrator privilege during installation process. Expected results: Firefox doesn't have "Launch Firefox now" checkbox, so that users can safely launch Firefox after installation without Administrator privilege.
I would have sworn this was on file already but I can't find the duplicate. Robert?
Component: Untriaged → Application Update
Product: Firefox → Toolkit
Summary: Remove "Launch Firefox now" checkbox on installer finish dialog → Ticking "Launch Firefox now" in the installer when installing from a limited user account shouldn't launch Firefox using admin privileges
Thanks for the report. Could you please try this with a nightly build [https://www.mozilla.org/en-US/firefox/channel/desktop/#nightly] and let us know if you can reproduce it then; I don't seem to be able to, possibly thanks to fixing bug 1350974.
Component: Application Update → NSIS Installer
Flags: needinfo?(robert.strong.bugs) → needinfo?(mydeardiary)
The problem doesn't occur on developer edition (54.0a2 20170412004024). Good job.
Great, thanks for checking.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 months ago
Resolution: --- → FIXED
Does this need to stay hidden? (I don't think so, but...)
I don't think so either; don't have the permissions to unhide things myself though.
You need to log in before you can comment on or make changes to this bug.