Closed Bug 1614111 Opened 6 years ago Closed 4 years ago

Messing with Windows Proxy settings

Categories

(Thunderbird :: Untriaged, defect)

Product:
Thunderbird
Component:
Untriaged
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: pusnik.marko, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36

Steps to reproduce:

It's enough to have Thunderbird open and just wait an issue to happen.

Environment:
Thunderbird proxy connection settings are "Use system proxy settings".
Using ordinary ethernet connection - no VPN is conencted!
Windows 10 v1909

Actual results:

Thunderbird.exe changes the proxy settings in the windows registry. After all system proxy settings based applications lose Internet acces (e.g. Chrome, Slack..).

Extract from Process Monitor:
07:48:25,4667323 thunderbird.exe 12468 RegQueryKey HKCU SUCCESS Query: HandleTags, HandleTags: 0x0
07:48:25,4667467 thunderbird.exe 12468 RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS Desired Access: Read
07:48:25,4667610 thunderbird.exe 12468 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 0
07:48:25,4667783 thunderbird.exe 12468 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer NAME NOT FOUND Length: 144
07:48:25,4667913 thunderbird.exe 12468 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 16, Data: <local>
07:48:25,4668066 thunderbird.exe 12468 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL NAME NOT FOUND Length: 144
07:48:25,4668169 thunderbird.exe 12468 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect NAME NOT FOUND Length: 16
07:48:25,4668306 thunderbird.exe 12468 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS
07:48:25,4668490 thunderbird.exe 12468 RegQueryKey HKCU SUCCESS Query: HandleTags, HandleTags: 0x0
07:48:25,4668603 thunderbird.exe 12468 RegCreateKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS Desired Access: Write, Disposition: REG_OPENED_EXISTING_KEY
07:48:25,4668816 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
07:48:25,4669787 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80
07:48:25,4670373 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 52, Data: <local>;local; pusnik.xyz
07:48:25,4670926 thunderbird.exe 12468 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL NAME NOT FOUND
07:48:25,4671453 thunderbird.exe 12468 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect NAME NOT FOUND
07:48:25,4671941 thunderbird.exe 12468 RegCloseKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS

Issue can be also detected with "Event Viewer" by setting custom filter with "by log by Microsoft-Windows-WinHttp/ProxyConfigChanged".

Expected results:

Thunderbird.exe should not change system proxy settings!

Additional info:

  • proxy.gov.si:80 was once set as a manual proxy on a VPN profile, which was deleted weeks ago!
  • Before thunderbird set registry keys, there was a related read registry activity:
    ...
    07:48:23,3214822 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    07:48:23,3214959 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80
    07:48:23,3214974 RuntimeBroker.exe 12388 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry SUCCESS Type: REG_DWORD, Length: 4, Data: 1
    07:48:23,3215069 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 52, Data: <local>;local; pusnik.xyz
    ...
    07:48:23,3299497 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80
    ...
    that traced to registry hive file :\ProgramData\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\S-1-5-21-3795996945-4286000277-1262582828-1002\SystemAppData\Helium\user.dat.

Even if the latter is a MS / OfficeHub issue (deleted VPN profile should be deleted along with all the settings) I thing thunderbird should be not meesing (setting) with system proxy setting.

I don't think that Thunderbird specific code changes the Windows' proxy settings.

Thunderbird uses the Mozilla Firefox platform and its networking stack. I don't know for sure if it changes the Windows system proxy settings, but I'd be very surprised if it does.

It seems more likely that you have software installed that made the change. Maybe do you have a Firefox/Thunderbird Add-on that provides proxy configuration management?

(In reply to pusnik.marko from comment #0)

07:48:25,4668603 thunderbird.exe 12468 RegCreateKey HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS Desired Access: Write, Disposition: REG_OPENED_EXISTING_KEY
07:48:25,4668816 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
07:48:25,4669787 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80
07:48:25,4670373 thunderbird.exe 12468 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 52, Data: <local>;local; pusnik.xyz

Hmm, that indeed looks like the Thunderbird process made the change. But it could have been caused by an Add-on that is loaded into Thunderbird. Which Add-ons do you have installed?

Additional info:

  • proxy.gov.si:80 was once set as a manual proxy on a VPN profile, which was deleted weeks ago!

Can you explain how that "manual" configuration was done?
Did you do that inside Thunderbird - or inside some other software? If other software, which software was that?

07:48:23,3214822 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable SUCCESS Type: REG_DWORD, Length: 4, Data: 1
07:48:23,3214959 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80
07:48:23,3214974 RuntimeBroker.exe 12388 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry SUCCESS Type: REG_DWORD, Length: 4, Data: 1
07:48:23,3215069 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride SUCCESS Type: REG_SZ, Length: 52, Data: <local>;local; pusnik.xyz
...
07:48:23,3299497 LocalBridge.exe 5516 RegQueryValue \REGISTRY\WC\Silo9eeab5d6-23ba-d782-a907-9b9e38b84dafuser_sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 32, Data: proxy.gov.si:80

To which software package you have installed belong the executables with the above names "LocalBridge.exe" and "RuntimeBroker.exe"?
Wayne, are that binaries we ship with Thunderbird?

localbridge and runtimebroker don't seem to be part of Thunderbird.

Also, they only did read-only commands to the registry, so they shouldn't be responsible, according to those log entries.

(In reply to Kai Engert (:KaiE:) from comment #1)

do you have a Firefox/Thunderbird Add-on that provides proxy configuration management?

Flags: needinfo?(pusnik.marko)

No, I don't have any Firefox/Thunderbird Add-on that provides proxy configuration management. I only use "Lightning" and "Provider for Google Calendar" add-ins.

I used "CIsco AnyConnect Secure Mobile Client" to establish VPN to my clien then. I set up manual proxy by Windows settings-> Network&Internet-> Proxy->Manual proxy setup.

As I google it LocalBridge and RuntimeBroker are be part of MS OfficeHub....

I would not be surprised if "AnyConnect client" has someting to do with it.

Flags: needinfo?(pusnik.marko)

(In reply to pusnik.marko from comment #5)

No, I don't have any Firefox/Thunderbird Add-on that provides proxy configuration management. I only use "Lightning" and "Provider for Google Calendar" add-ins.

I used "CIsco AnyConnect Secure Mobile Client" to establish VPN to my clien then. I set up manual proxy by Windows settings-> Network&Internet-> Proxy->Manual proxy setup.

As I google it LocalBridge and RuntimeBroker are be part of MS OfficeHub....

I would not be surprised if "AnyConnect client" has someting to do with it.

What have you found?
How is version 78?

Flags: needinfo?(pusnik.marko)
Whiteboard: [closeme 2021-03-16]

Resolved per whiteboard

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(pusnik.marko)
Resolution: --- → INCOMPLETE
Whiteboard: [closeme 2021-03-16]
You need to log in before you can comment on or make changes to this bug.