Closed Bug 1549718 Opened 4 years ago Closed 4 years ago

On browser updates, add-ons without explicit ID in their manifest.json are removed when the signature is invalid


(Toolkit :: Add-ons Manager, defect, P1)




Root Cause ?
Tracking Status
firefox-esr60 66+ wontfix
firefox66 blocking wontfix
firefox67 blocking wontfix
firefox68 blocking wontfix


(Reporter: robwu, Unassigned)



(Whiteboard: cert2019)


(2 files)

This is like bug 1549129, except merely updating the browser is sufficient to trigger the bug.

Prerequisites to trigger this bug:

  • Add-on has no explicit ID in manifest.json
  • Add-on signature became invalid (bug 1548973).
  • Browser updates (or DB_SCHEMA is bumped).


  • Add-on package (xpi file) is removed.
  • Add-on data is preserved, so upon re-install the data is back.


  1. Download:
  2. Download: Firefox 67.0b16 and 67.0b17 (or 66.0.3 + 66.0.4).
  3. Create a directory and put user.js with the following content in it (this is to trigger bug 1549344):
user_pref("app.normandy.enabled", false);
user_pref("security.nocertdb", true);
  1. Set the clock to last Friday (3 May 2019)
  2. Start Firefox 67.b16 with the profile.
  3. Install epubreader-2.0.8-fx.xpi and close Firefox.
  4. Set the clock to today.
  5. Start Firefox 67.b17 with the profile.
  6. Observe that the add-on is gone.

Stack trace:

1557236049637   addons.xpi-utils        WARN    addMetadata: Add-on {5384767E-00D9-40E9-B72F-9CC39D655D6F} is invalid: Error: Invalid addon ID: expected addon ID {5384767E-00D9-40E9-B72F-9CC39D655D6F}, found undefined in manifest(resource://gre/modules/addons/XPIDatabase.jsm:2371:15) JS Stack trace: addMetadata@XPIDatabase.jsm:2371:15
Attached file output-bug1549129.log

Output on Linux, with additional prefs for debugging.

b16/firefox is Firefox 67.0b17, b17 is 67.0b17.
I used faketime to change the clock, and to avoid bug 1549129.

/tmp/qa$ rm -rf profile && mkdir profile && printf 'user_pref("app.normandy.enabled", false);\nuser_pref("security.nocertdb", true);\nuser_pref("browser.dom.window.dump.enabled", true);\nuser_pref("extensions.logging.enabled", true);\nuser_pref("toolkit.telemetry.testing.overridePreRelease", true);\nuser_pref("devtools.selfxss.count", 5);\n' > profile/user.js               
/tmp/qa$ faketime '2019-05-04 00:00:00' ./b16/firefox --no-remote -profile profile /tmp/qa | grep -v XPIState
/tmp/qa$ ~/firefox/bugs/profile-addonStartup-mtime/ profile                                                       
/tmp/qa$ ./b17/firefox --no-remote -profile profile /tmp/qa about:telemetry | grep -v XPIState

Simple Measures at about:telemetry has:

addonManager.XPIDB_startup_load_reasons 	[directoryState, schemaChanged]
Attached file

This script updates addonStartup.json.lz4 and extensions.json to make sure that the lastModifiedTime and updateDate matches, to avoid bug 1549129.

Usage: python3 /path/to/profiledir/

Severity: normal → major

Scenarios in which this bug can be triggered (caused by bug 1548973):

  • User updates to Firefox 66.0.3 / 67.0b16 or earlier, from any other version.
  • User updates to 66.0.4 / 67.0b17, but certificate registration fails (e.g. bug 1549249, bug 1549344).

This bug does not occur when the certificate is successfully added (i.e. without suffering from bug 1549249 etc.):

Component: General → Add-ons Manager
Component: Add-ons Manager → General
Priority: -- → P1
Component: General → Add-ons Manager
Closed: 4 years ago
Resolution: --- → WONTFIX

This was wontfixed because the code path that causes it (stemming from the lack of IDs) is valid. We can't prevent this. But we can react to it -- which I assume is the same we'd do for bug 1549129, which is a result of the same code path.

(Whether we decide to do that is a different question, up to Product, etc.)

Please specify a root cause for this bug. See :tmaity for more information.

Root Cause: --- → ?
You need to log in before you can comment on or make changes to this bug.