1731020 - UAC Bypass at mozilla installer

Status: RESOLVED INVALID

(Firefox :: Installer, defect)

Description

[Pankaj Kumar Thakur]

Attachment: Screenshot_7.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Steps to reproduce:

open firefox installer
user account controller pop up
now click on "NO"
here installation should be terminated

Actual results:

But here UAC bypassed and installation started

Expected results:

installation should have terminated

Comment 1

[Pankaj Kumar Thakur]

Attachment: Firefox Installer.exe

Comment 2

[Robin Steuber (she/her) [:bytesized]]

Hello, thanks for filing a bug.

This sounds like the expected behavior. Users sometimes do not have access to an Administrator account, but still want to install Firefox. Since they will not be able to accept a UAC prompt, we allow installation without accepting it. We will not, of course, be able to install to the "Program Files" directory without the UAC being accepted. But that is okay because Firefox can still be installed in the user's local app data directory.

For example, I currently have an installation of Firefox Nightly for which I accepted the UAC when installing. If I check the installation location (in about:support under "Application Binary"), I can see that it is installed to the "Program Files" directory: C:\Program Files\Firefox Nightly\firefox.exe.
I have another installation of release Firefox for which I did not accept the UAC when installing. If I check the installation location, I can see that it is installed in my local app data directory: C:\Users\bytesized\AppData\Local\Mozilla Firefox\firefox.exe.

If we simply terminated the installer when the UAC prompt was not accepted, users without an Administrator account would be unable to easily use Firefox. So we do not want to change the installer to terminate in that situation.

If I have missed something or misunderstood, let me know and we can reopen this bug.