Open Bug 1895327 Opened 1 year ago Updated 1 year ago

Helper.exe uninstallation for non-admin install does not remove registry entries when run from a different account

Categories

(Firefox :: Installer, defect, P5)

Product:
Firefox
Component:
Installer
Version:
Firefox 125
Type:
defect

Tracking

()

People

(Reporter: emilio97, Unassigned)

Details

Steps to reproduce:

When installing Firefox on Windows, if "No" is selected at the UAC prompt for admin credentials, the installer will proceed and install Firefox to the user's AppData folder, and write to HKCU for that user.

If I switch accounts, navigate to the original user's AppData and run helper.exe -ms, the files will be removed, but the registry entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ for the original user stays behind.

The results are the same whether or not the original user remains signed in or logs out.

If helper.exe is run from within the original user's account, the files and registry keys are successfully removed

Actual results:

After running helper.exe from a different user's account, the files in C:\Users\%user%\AppData\Local\Mozilla Firefox are removed, but the registry key under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ is left behind.

Expected results:

helper.exe should remove the registry keys for the user that originally installed Firefox to their AppData folder.

This is important because we'd like to remove non-standard (non-Program Files) installations using our endpoint management software, which runs as SYSTEM, and fails to remove the relevant registry keys unless we load each hive and delete the keys manually.

The Bugbug bot thinks this bug should belong to the 'Firefox::Installer' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Installer

I can confirm that this is an issue, but it's a known issue and it's pretty fundamental to the architecture of the install/uninstall process. It's something we're very unlikely to address: in general, User A and User B have partitioned namespaces and trying to administer one from the other is a fool's errand. The exception is SYSTEM, which we handle: why not install with UAC elevation, leaving registry entries in HKLM that will be cleaned up with the system-wide uninstall?

I think this is WONTFIX but I'll wait for others to respond if they feel otherwise.

Our goal is to specifically clean up installations that were installed without UAC elevation. Sometimes non-admin users download and try installing Firefox on their own, which becomes a pain for us to update/manage. Our vulnerability scanning software detects these installations, as well as their registry entries in HKCU, which is why we want them cleaned up.

Running helper.exe from SYSTEM does not remove keys from the user's HKCU either. To be clear, our plan has always been to uninstall through SYSTEM using out endpoint management tools — the example of signing out, etc. was just to reproduce the problem.

Partially because of this, Firefox represents a large chunk of our overall detected vulnerabilities. We push out and update Firefox installations in C:\Program Files, but if a user tried installing, for example, Firefox 99.0 a few years ago, it's going to sit there, unupdated, racking up vulnerabilities.

I can understand that helper.exe may not be the tool for the job, but there should be some supported way for IT admins to properly clear out AppData installations while preserving the "proper" Program Files installations.

Summary: Helper.exe uninstallation for Current-User installation does not remove registry entries when run from a different account → Helper.exe uninstallation for non-admin install does not remove registry entries when run from a different account

Setting some placeholder priority/severity, but I've scheduled to bring this up in triage as possibly relevant for enterprise needs.

Severity: -- → S4
Priority: -- → P3

Is Firefox 99 actually sitting there or just the registry keys?

Are you asking for a general cleanup tool for Firefox or for a specific bug related to uninstall?

Running the helper for a given version of Firefox should only uninstall that version.

"Firefox 99 sitting there" is in reference to the situation we're trying to remediate — old, forgotten copies installed to AppData that aren't getting patched because of their non-standard install location.

When we run helper.exe -ms via SYSTEM to uninstall these AppData installations, the files are removed, but the registry keys in HKCU are not. This is what I reported as a bug.

If, per Nick Alexander's comment, this is a WONTFIX, then in that case I would ask for a general cleanup tool, or some official method to remove AppData installation and their entries in the registry.

I think this is WONTFIX but I'll wait for others to respond if they feel otherwise.

I understand this in the User can't understand other user case (that seems logical), but why wouldn't an uninstall run at the SYSTEM level remove the user keys?

Priority: P3 → P5
Status: UNCONFIRMED → NEW
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.