Closed Bug 1756397 Opened 2 years ago Closed 2 years ago

Firefox updates despite updates disabled

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Version:
Firefox 97
Type:
defect

Tracking

()

Status:
VERIFIED INCOMPLETE

People

(Reporter: michelle, Unassigned)

References

Details

Attachments

(1 file)

Screenshot from 2022-02-21 07-31-43.png
125.02 KB, image/png
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0

Steps to reproduce:

A policies.json was created in Linux to stop the automatic updates.
Firefox recognised this policy as it gave, "Update available - download now" - (in a continual nag pop-up which i HATE)

Actual results:

Regardless of the json, Firefox went ahead and updated itself and forced me to restart the browser to continue working.

Expected results:

Firefox should have continued running and NOT updated itself, it should not have interrupted my work and forced me to restart my browser (and it should NOT be nagging me of an update more than once a day)

The Bugbug bot thinks this bug should belong to the 'Toolkit::Application Update' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → Application Update
Product: Firefox → Toolkit

I have some questions that I need answers to to help me debug here.

  1. How did you install this installation of Firefox? Did you download the installer from our website? Did you install via a package manager like apt or yum?
  2. Do you typically use multiple Firefox profiles simultaneously? Does this problem still happen if you are only running a single profile at a time?
  3. Could you attach a screenshot of your about:policies page?
  4. Which Firefox Channel have you installed (Release, Beta, Dev Edition, Nightly)? I believe that 97 is the current version on Firefox Release, so maybe you are on Release? If you aren't sure, you can look for the "Update Channel" row in about:support.
  5. Depending on which policies you have enabled, this question may not be applicable, but in about:preferences do you have the "Check for updates but let you choose to install them" setting selected?

(In reply to Michelle Knight from comment #0)

Firefox recognised this policy as it gave, "Update available - download now" - (in a continual nag pop-up which i HATE)

Could you tell me what you would like it to do instead? If you don't want it to bother you at all, you might be interested in the ManualAppUpdateOnly policy, which prevents update notifications. But it is only recommended if you are going to manually update regularly. Or if you think that we should advertise updates in some other way, I would be interested to hear what you have in mind.

nagging me of an update more than once a day

Are you frequently getting multiple update doorhangers (popup notifications) per day? That doesn't sound normal for Release Firefox.

Flags: needinfo?(michelle)

Thanks for responding.

The firefox installation was from the Ubuntu (on Mint) repositories by command line.

There is only one profile in use.

Update Channel release-cck-mint

Firefox updates has...
Automatically install updates (recommended)
Check for updates but let you choose to install them
...and the latter is checked. However, these are now the settings after Firefox has been updated automatically. Even when the latter option is selected, Firefox was taking it on itself to update in the background.

What I would like to do, is to stop any and all automatic updates via a simple option in the options menu. I would like to turn nagging "There's an update available..." off completely. I set myself maintenance windows when I perform updates for the whole system, so any application that upsets my work, especially one as critical as the browser, is a serious workflow problem. Having to go to the extent of a json file to do this, is a bit overkill for something which I believe should be in the menus.

Flags: needinfo?(michelle)

Hmm. There are just a bunch of things going on here.

Given that you have installed from a software repository, the "Sorry. We just need to do one small thing to keep going." page is not really surprising. This is most likely an occurrence of Bug 1705217.

What is extremely odd to me is that Firefox seems to be updated by a package manager and also by its own internal updater. There doesn't seem to be any reason for that to happen. I just took a look at an Ubuntu installation installed via apt and the updater was disabled at build time, which is what I would expect. However, that doesn't seem to be the case on your Mint copy. If the updater was properly disabled, the "Check for updates but let you choose to install them" option wouldn't even exist in the settings. It seems like we might need to reach out to the developers of Mint and request that they properly turn off the Firefox updater when building.

@mkaply - I'm not sure what the best way to reach out to Mint about disabling the updater in their builds. I'm hoping that you might know?

It's also extremely odd to me that Firefox would be able to self-update in this configuration. Package managers typically install Firefox so that it can only be updated with root privileges. Do you know why Firefox is able to update itself on your machine? Are the privileges on the Firefox installation set such that a regular user can update it? Or maybe you are running Firefox with elevated privileges that allow it to update itself? Neither of those possibilities seem... good. We generally rely on package managers for updates on Linux specifically because Firefox doesn't have the ability to get the privileges necessary to update on its own.

(In reply to Michelle Knight from comment #3)

What I would like to do, is to stop any and all automatic updates via a simple option in the options menu. I would like to turn nagging "There's an update available..." off completely.

As I mentioned previously, there is a policy to do exactly this: ManualAppUpdateOnly

Having to go to the extent of a json file to do this, is a bit overkill for something which I believe should be in the menus.

I'm afraid that we've already considered this and made the decision that this option does not belong on the Firefox Settings page. It's simply too dangerous. Unfortunately, we live in a world where people regularly run untrusted and/or malicious code and expect their browser to allow that code to execute, but also to protect them from it. Doing this absolutely requires having updates installed regularly. Putting the setting in a place that requires some technical knowledge to set it helps limit its use to people that understand the importance of updating regularly.

It also sounds like you are using a policy to disable update, but update is not disabled. If you attach a copy of your about:policies page, we can investigate why your policy isn't working properly.

Flags: needinfo?(mozilla)
Flags: needinfo?(michelle)

Mint repackages our zip builds and they put a policies.json in place to disable updates. They don't build Firefox.

Was there already a policies.json that you modified in the Firefox install?

I definitely want to see what about:policies looked like initially.

Flags: needinfo?(mozilla)

(In reply to Mike Kaply [:mkaply] from comment #5)

Mint repackages our zip builds and they put a policies.json in place to disable updates. They don't build Firefox.

...oh. I'm not real excited to hear that.

...oh. I'm not real excited to hear that.

Other Linux distros that don't build Firefox do this as well because there's no other way to turn off updates.

And anything we do to make it easy for Linux to turn off updates for package managers would make it easy for other folks to turn off updates.

I'm wondering if we should do a separate Linux build with the updater disabled specifically for package managers to use?

(In reply to Mike Kaply [:mkaply] from comment #7)

I'm wondering if we should do a separate Linux build with the updater disabled specifically for package managers to use?

I filed Bug 1757050 to consider doing this.

I'm resolving for inactivity because we can't move forward without more information (about:policies in particular). Michelle, please do feel free to re-open with the requested info.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE

Well, the only policy I have in the json is this...
{
"policies":
{
"BackgroundAppUpdate": false
}
}

But... to a degree I'm having problems understanding exactly what's going on, because if I read correctly what is being said is that the Mint team are altering the Firefox installation.

I was concerned to read ... "I'm afraid that we've already considered this and made the decision that this option does not belong on the Firefox Settings page. It's simply too dangerous. Unfortunately, we live in a world where people regularly run untrusted and/or malicious code and expect their browser to allow that code to execute, but also to protect them from it. Doing this absolutely requires having updates installed regularly. Putting the setting in a place that requires some technical knowledge to set it helps limit its use to people that understand the importance of updating regularly." ... which puts to my mind that this action of forcing updates down the users throat... (excuse me, but that's how I feel about it) ... is a decision made on my behalf and even when technically minded, I'm having a heck of a job trying to get some level of control over the updates.

Not only that, but there are two update mechanisms enabled. Though the apt-get channel and also Firefox is updating itself independently.

I'm finding this whole attitude to be one of removing choices from me and making them on my behalf. That, if anything, I find extremely patronising. A setting should be available, in the advanced settings... whereas if someone wants to venture into, "here be dragons," then they can DO so.

That's what I want. I don't want to be led on a merry goose chase of having to install policies in arcane places depending on my operating system, in order to have control over the package.

So... that's the critical question ... am I going to get that setting in advanced, somewhere... to turn off automatic updates completely ... or am I going to have to change browser?

Flags: needinfo?(michelle)
Status: RESOLVED → VERIFIED

To add a little more to this....

One of the reasons I'm upset about this, is that it seems to be the default that decisions like this are made on my behalf (and other users) and this has been a really sore point for me, for a number of years. This attitude of, "Oooh, that could be dangerous... best not let the user do that. Let's remove it."

Sorry... but that attitude has been grating with me for some time. This particular incident went further in that it wasn't even in the about:config ... where you do get the warning about here be dragons... but I had to make a policy.

This attitude towards users is not acceptable to me.

Our goal was not to make it unable to be done, but to make it a little harder than just clicking a button in preferences. We had too many people that clicked the button without understanding what it was and just never got updates.

You certainly can turn off updates, you just have to put more effort into it.

Did you add BackgroundAppUpdate false to that policies.json or was it like that by default? The Mint version of Firefox should have updates turned off because it gets updates via apt. It does that by setting AppAutoUpdate to false in policies.json. I'll verify with them that they are turning off updates that way. And we are investigating making this better for Linux.

The problem here though is that turning off updates in Firefox has no effect on whether or not your package manager updates. We don't control that.

Let me explain what I believe has happened here. I don't have all the details, so it's possible that I'm wrong or missing parts. But this is what seems most likely to me.

I believe that you have installed the Firefox package that is made available by the Mint distribution via the package manager. Mint creates its Firefox package by taking the Firefox distribution that we build and adding a policies.json with the DisableAppUpdate enterprise policy enabled. This prevents Firefox from updating itself, allowing updates to be managed entirely by the package manager.

However, there is a long standing bug, Bug 1705217 (which we are working on), that causes Firefox to be unable to start the new processes that it needs to start to function if a package manager updates Firefox while it is running. This results in a page (the one in the screenshot from this bug's description) being displayed asking that the user restart Firefox so that the version being run matches the version on the disk and Firefox can once again launch processes when it needs them.

To reiterate, that message typically means that your package manager has updated Firefox. Not that Firefox has updated itself. While we are working on being tolerant of Firefox's files all being changed out while it is running, we have no control over the package manager or when it decides to update.

(In reply to Michelle Knight from comment #0)

...
Steps to reproduce:

A policies.json was created in Linux to stop the automatic updates.
...

From this, I am guessing that you overwrote the policies.json that Mint included in Firefox package with a different one that no longer has the DisableAppUpdate enterprise policy set. Probably, Firefox isn't actually capable of updating itself because it doesn't have the necessary permissions to do this. On macOS and Windows, we have ways of elevating to get those permissions but, long story short, on Linux we don't have a way of doing that. So now that Firefox has its automatic updater enabled, it is trying to update itself and finding that it cannot because it doesn't have the necessary permissions.

(In reply to Michelle Knight from comment #0)

Firefox recognised this policy as it gave, "Update available - download now" - (in a continual nag pop-up which i HATE)

I believe that this is not being caused by the policy being "recognized", it is being caused by the update system being enabled but incapable of actually updating. This causes it to bother the user to install a new version so that they don't just get more and more out of date forever. This behavior is not needed or desirable when Firefox is being updated by the package manager, which is why distributions like Mint use DisableAppUpdate to disable the update system altogether.

(In reply to Michelle Knight from comment #10)

Well, the only policy I have in the json is this...
{
"policies":
{
"BackgroundAppUpdate": false
}
}

This policy does nothing on a Linux installation. As noted here, this policy is applicable on Windows only. This is because our Background Update Agent is currently only available on Windows. Firefox can only update itself with our regular in-application updater on other OS's, not with Background Update.

But... to a degree I'm having problems understanding exactly what's going on, because if I read correctly what is being said is that the Mint team are altering the Firefox installation.

Yes, my understanding is that they bundle Firefox with a policies.json that enables DisableAppUpdate.

I was concerned to read ... "I'm afraid that we've already considered this and made the decision that this option does not belong on the Firefox Settings page. It's simply too dangerous. Unfortunately, we live in a world where people regularly run untrusted and/or malicious code and expect their browser to allow that code to execute, but also to protect them from it. Doing this absolutely requires having updates installed regularly. Putting the setting in a place that requires some technical knowledge to set it helps limit its use to people that understand the importance of updating regularly." ... which puts to my mind that this action of forcing updates down the users throat... (excuse me, but that's how I feel about it) ... is a decision made on my behalf and even when technically minded, I'm having a heck of a job trying to get some level of control over the updates.

I am definitely firmly of the opinion that the average user is not well served by having a easy way to completely disable Firefox updates. It is too easy to get really far out of date and miss out on critical security updates that protect against attacks that we know are being actively used in the wild.

We do have mechanisms to disable update for users that are more technically minded. We keep the most dangerous of these as Enterprise Policies in order to limit them to a more technical audience.

Not only that, but there are two update mechanisms enabled. Though the apt-get channel and also Firefox is updating itself independently.

Yes. Clearly that is not meant to happen. That is why Mint ought to be turning off the Firefox in-application update with the DisableAppUpdate policy. Unfortunately that policy was either (a) not turned on by Mint, in which case you probably ought to file a bug with them, or (b) overwritten by other changes to the policies.json file. In the latter case it is probably safest to purge the entire Firefox installation from the disk and reinstall it in order to ensure that it is configured the way that the package maintainers intended.

I'm finding this whole attitude to be one of removing choices from me and making them on my behalf. That, if anything, I find extremely patronising. A setting should be available, in the advanced settings... whereas if someone wants to venture into, "here be dragons," then they can DO so.

I believe that that is exactly what Enterprise Policies are? And it seems like the setting that you want is made available via that mechanism. If there is something that you still think is missing though, we'd be happy to consider it.

That's what I want. I don't want to be led on a merry goose chase of having to install policies in arcane places depending on my operating system, in order to have control over the package.

We made these settings difficult to access because we don't want users with out the necessary technical understanding to access them. Otherwise it could result in a configuration that is either dangerous (never installs critical security updates) or badly misconfigured (installs updates in an environment when it ought not to).

So... that's the critical question ... am I going to get that setting in advanced, somewhere... to turn off automatic updates completely ... or am I going to have to change browser?

If I am understanding correctly, that setting already exists and it is called DisableAppUpdate. If I am not understanding correctly, please let me know so we can figure out what is needed.

If that is your goal, then why not put it in about:config so that it's common between platforms? There's putting more effort into it, and then there's having to go on another learning curve. (It's a notorious problem... it's easy to search for something if you know the search terms you are looking for, like, "json firefox disable update profile" ... but I didn't even know that this existed in the first place and was searching for "disable auto update firefox") So I was going on a real journey to find out how to do something which should be a simple operation.

There was no json by default at all. I had to do a fair amount of searching and reading to find out that there was a policy in the first place, then where to put it on my build, (and for a friend who is on Windows) and even then it didn't solve the problem. So, you see, this having to work hard is fine if you know what you're looking for to begin with. If you don't, then you're on a heck of a journey, following advice in whatever web page you happen across and that is arguably more dangerous than having an extra, "This means you won't get any updates. Are you sure you want to do this?" on a menu option. The level of frustration is unwarranted.

As for the people who never got updates... I'm scratching my head over that one, especially on the Linux platform because it should be handled by the package manager... which is exactly my problem; Firefox doing its own thing rather than me controlling things via the package manager.

Look... I've made my point. The decisions being made on behalf of the users (not only this one) is something that dis-empowers the users. I appreciate that you're trying to save people from themselves, but there is only so far you can go before you're decisions have consequences that you can't foresee. For ages I went bonkers trying to access the management interfaces on older equipment which couldn't handle https and only had http and the browser (not sure which one) refused totally to connect to an http site until I had to jump through hoops. In fact, I think I had to use another browser in the end because I got so fed up with it. I ended up with about four browsers loaded on my work system in the end, to get around insanity like this.

I'm just waiting for other browsers to follow Apple's lead and refuse to connect to anything with a cert that's more than a year old; for a similar reason; so much equipment has a self signed cert that is like thirty or so years old... and then we'll have fun and games trying to get to the management interfaces on things again.

Honestly... browsers making decisions on my behalf, really do make my job a lot harder than it should be and then instead of finding an option, ticking it off and being able to continue, I end up going on a journey that I shouldn't have to go on.

Please... put the option in a place that is easier to get to.

While writing this, I've just read Kirk Steuber's post about the long standing bug. To the best of my knowledge, that isn't the case with me because this has happened outside my running the package manager... unless the package manager is running updates without my knowledge... and if that happens I'd be very upset.

In fact, I think it was Firefox on Windows. When I connected to a site it didn't like I usually got the "I understand the risks..." but on some occasions I wouldn't get that and the browser totally refused to let me connect to the management interfaces I needed to connect to. So I had to use Chrome.

That was at my last employer, so unfortunately I can't replicate the situation. But you see my problem with decisions like these being made on my behalf.

(In reply to Michelle Knight from comment #14)

If that is your goal, then why not put it in about:config so that it's common between platforms? There's putting more effort into it, and then there's having to go on another learning curve. (It's a notorious problem... it's easy to search for something if you know the search terms you are looking for, like, "json firefox disable update profile" ... but I didn't even know that this existed in the first place and was searching for "disable auto update firefox") So I was going on a real journey to find out how to do something which should be a simple operation.

There are a couple of things here. One is that we made the explicit design choice that we do not want this to be a simple operation. We want this to be done only by people that know what they are doing and understand the potentially substantial consequences of not doing it correctly. Another reason is a technical one. Updates are inherently a per-installation thing. Not per-user or per-profile. However, the prefs in about:config are per-profile. We don't want people with many profiles to have to individually set each one of them not to update or else updates are installed despite the setting in their other profile. There are also difficulties with Background Update, which doesn't exactly use any of the user's profiles. It needs to know what settings to use, which is confusing if there are a bunch of conflicting settings in a bunch of different profiles potentially stored in arbitrary locations.

There was no json by default at all.

Since you installed this via apt, updates really ought to be disabled either at build time or by policy. Since neither of those were done, Firefox was packaged improperly. We don't do the packaging, so you should file a bug with whoever is (likely Mint).

I had to do a fair amount of searching and reading to find out that there was a policy in the first place, then where to put it on my build, (and for a friend who is on Windows) and even then it didn't solve the problem. So, you see, this having to work hard is fine if you know what you're looking for to begin with. If you don't, then you're on a heck of a journey, following advice in whatever web page you happen across and that is arguably more dangerous than having an extra, "This means you won't get any updates. Are you sure you want to do this?" on a menu option. The level of frustration is unwarranted.

In general, I expect this sort of thing to mostly be done by sysadmins and package repository maintainers, not regular users. Thus, I don't think that it is necessary for this to have a nice push button interface. Users that need nice interfaces are, after all, the exact users that we are trying to keep from editing these settings. This is what I mean when I say that we only want this to be available to a technical audience.

Also, if you don't want to run around trusting random websites with your Firefox configuration, you could just talk to us directly at chat.mozilla.org.

Look... I've made my point. The decisions being made on behalf of the users (not only this one) is something that dis-empowers the users.

At the end of the day, we are a general-audience browser, not a technical-specific-audience browser. We need to do what is best for most of our users. I actually really like the idea of having tools that are meant for a more technical audience. But unfortunately, the cost of maintaining large pieces of software is very high. We simply cannot provide, for free, a browser only meant for technical audiences.

Honestly... browsers making decisions on my behalf, really do make my job a lot harder than it should be and then instead of finding an option, ticking it off and being able to continue, I end up going on a journey that I shouldn't have to go on.

Please... put the option in a place that is easier to get to.

As I have explained, you are encountering a problem with whoever is packaging your software. When I think about your problem, the last thing in the world that I want to do is have every user of a distribution to install Firefox and be presented with a horrible update situation until it occurs to them to go turn off update. No matter how big and shiny the button would be, that is a bad situation. The correct solution is for the package maintainer to package Firefox properly.

While writing this, I've just read Kirk Steuber's post about the long standing bug. To the best of my knowledge, that isn't the case with me because this has happened outside my running the package manager... unless the package manager is running updates without my knowledge... and if that happens I'd be very upset.

In general, people see that page when they hit one of two bugs: Bug 1705217 or Bug 1480452. If you believe that you are not hitting either of these, I would be more than happy to dig into your problem with you and figure out what is going on. But, as I said in comment 13, it is very unlikely that you are in a situation where it is even possible for Firefox to update itself. Generally, package managers do not install packages with permissions set in a way that lets the package edit its own binary. This means that it is far more likely that your package manager is running updates without your knowledge. But if you really believe that it is not, I'd be happy to help you figure out what's going on. Let me know if you'd like to do that.

"At the end of the day, we are a general-audience browser, not a technical-specific-audience browser. We need to do what is best for most of our users. I actually really like the idea of having tools that are meant for a more technical audience. But unfortunately, the cost of maintaining large pieces of software is very high. We simply cannot provide, for free, a browser only meant for technical audiences."

OK - That's fair enough. I'll stop using firefox.

For your final reference, last night I did the following...

michelle@main-desktop:~$ cat /etc/firefox/policies/policies.json
{
"policies":
{
"BackgroundAppUpdate": false
"ManualAppUpdateOnly": false
}
}

...and the browser was then restarted.

This morning, I got up, settled down, started browsing and got the pop up at the top right "Update Available - Firefox couldn't update automatically. Download the new version - you won't lose saved information or customisations Dismiss Download"

I've just installed Opera and I'll see how I go.

Good luck.

Just seen that I set manual update to false. Should have set it to true. This is what happens when frustration sets in.

After changing the ManualAppUpdateOnly to True and restarting Firefox, I can report that with no manual running of the package manager update process... that it has done it again and I have the same update dialogue in the top right.

My main browsing has now been moved to Vivaldi where I enjoy the same plugins, NoScript, Privacy Badger, Fluff Busting Purity and Ublock Origin as I used on Firefox. I just have one instance with a few tabs, to troubleshoot this.

If there are any log files or anything which will help you get to the bottom of this mystery (along with speaking with the Mint team) then I'm willing to assist... but for not only this bug, but the attitude towards users, Firefox will no longer be my daily driver... and I speak as someone who used Netscape Navigator and lived through the first browser wars. So, yeah, this is a sad day for me.

My final comment on this is that the message is now a nag.

Even with the json present, Firefox knows there is an update available and repeatedly nags the user with that pop up message.

It smacks of more bad attitude towards the user. It's been told not to update itself and has decided that if it can't then it'll constantly get on the users nerves until they do it themselves.

I'm now transferring my final firefox window to vivaldi and that'll be it.

It shouldn't be bothering you to update with ManualAppUpdateOnly set to true. It sounds like you have found an alternate solution that works better for you, which I am very happy to hear. But if you do want to look into this issue, I will need Update logs from the browser console, which can be collected like this:

  1. Navigate to about:config.
  2. Set app.update.log to true.
  3. Open the Browser Console either with the hotkey Control+Shift+J, or via Hamburger Menu->More Tools->Browser Console.
  4. In the Filter textbox at the top, enter AUS:SVC to filter out everything except the update messages.
  5. Now we need the update prompt to happen. It could be that navigating to the Update section of about:preferences will be enough to trigger it. If not, you will have to wait for it to happen on its own.
  6. Copy the messages out of the Browser Console and attach them to this bug.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: