Browser updates repeatedly instead of launching when the interactive user account has admin permissions (without a UAC)
Categories
(Toolkit :: Application Update, defect, P1)
Tracking
()
People
(Reporter: chuacw, Assigned: bytesized)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [fidedi-ope])
Attachments
(22 files)
|
13.24 KB,
image/png
|
Details | |
|
8.26 KB,
application/octet-stream
|
Details | |
|
2.60 KB,
application/octet-stream
|
Details | |
|
62.82 KB,
image/png
|
Details | |
|
14.40 KB,
text/xml
|
Details | |
|
61.25 KB,
image/png
|
Details | |
|
13.28 KB,
application/octet-stream
|
Details | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr115+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr115+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr115+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr115+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr115+
|
Details | Review |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Steps to reproduce:
Click on Firefox Nightly icon
Firefox Nightly 133.0.0.700
Product version 133.0a1
Actual results:
It shows "Firefox Nightly is installing your updates and will start in a few moments", then the dialog disappeared and Nightly didn't start.
Expected results:
Nightly should have started.
Comment 1•1 year ago
|
||
The Bugbug bot thinks this bug should belong to the 'Toolkit::Application Update' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
| Assignee | ||
Comment 2•1 year ago
|
||
Could you please attach update logs?
- Navigate to
about:support - Find the "Update Folder" entry and click "Open Folder".
- Open the
updatesdirectory. - Inside, you should find some
.logfiles:last-update.log,last-update-elevated.log,backup-update.log,backup-update-elevated.log. They may not all exist. Please attach whichever ones do exist to this bug.
| Reporter | ||
Comment 3•1 year ago
|
||
I've reinstalled Nightly from the Installer, so I don't have any logs in there.
| Assignee | ||
Comment 4•1 year ago
|
||
Okay, it sounds like all possible debugging information is probably gone then. If this happens again, you can send us the information that we need and we can reopen this bug. But there isn't much we can do here until then.
| Reporter | ||
Comment 5•1 year ago
|
||
Ok, this happened again on the latest update.
How do I navigate to about:support if I can't even open Nightly?
| Reporter | ||
Comment 6•1 year ago
|
||
| Reporter | ||
Comment 7•1 year ago
|
||
| Reporter | ||
Comment 8•1 year ago
|
||
I think I found the files by looking at the latest date, and directory.
Hope these are the correct files.
| Assignee | ||
Comment 9•1 year ago
|
||
Ah, yes. These are some of the correct files. I forgot about one detail though: since your updater is hanging, it will never successfully put the elevated update logs in the right place. Could you retrieve it from the the Maintenance Service directory? You should be able to find the log file at C:\Program Files (x86)\Mozilla Maintenance Service\UpdateLogs\<update_directory_name>.log.
| Reporter | ||
Comment 11•1 year ago
|
||
So, another issue here. Update failed, it should have rollback, so I can use the version of Nightly before the update, but it didn't rollback.
If I click the Nightly icon again, it tries to update again.
| Assignee | ||
Comment 12•1 year ago
|
||
Are you sure these are the correct logs? This line sure doesn't seem likely from a Nightly installation
2024-10-08 19:24:02+0800: INSTALLATION DIRECTORY C:\Program Files\Firefox Developer Edition
They also don't really suggest any problem. They do suggest an unusual configuration
2024-10-08 19:24:02+0800: sUsingService=false
...
2024-10-08 19:24:02+0800: gIsElevated=false
...
2024-10-08 19:24:02+0800: INSTALLATION DIRECTORY C:\Program Files\Firefox Developer Edition
...
2024-10-08 19:24:02+0800: Successfully opened lock file
2024-10-08 19:24:02+0800: Going to update via this updater instance.
I'd be lying if I said I wasn't pretty curious how the heck it is updating an installation in Program Files without elevating. Suggests Firefox is either being run with privileges, which is alarming. Or Program Files is writable without elevated privileges. Which is also alarming.
| Assignee | ||
Updated•1 year ago
|
| Reporter | ||
Comment 13•1 year ago
|
||
Ok, I have no logs then, but I've attached a screenshot that shows the issue happens on local time 7 Oct 2024 8:40:02pm.
| Reporter | ||
Comment 14•1 year ago
|
||
| Assignee | ||
Comment 15•1 year ago
|
||
Oh, well I see that you at least have an update history file. That might at least give me a hint as to what's going on. That will be a file called updates.xml in the update directory. Can I see that?
| Reporter | ||
Comment 16•1 year ago
|
||
Just logging info here for my own use for the next failure:
Update folder for Nightly:
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\6F193CCC56814779
| Reporter | ||
Comment 18•1 year ago
|
||
screenshot of latest update failures
| Reporter | ||
Comment 19•1 year ago
|
||
This log is from C:\Program Files (x86)\Mozilla Maintenance Service\UpdateLogs
| Reporter | ||
Comment 20•1 year ago
|
||
I'd be lying if I said I wasn't pretty curious how the heck it is updating an installation in
Program Fileswithout elevating. Suggests Firefox is either being run with privileges, which is alarming. OrProgram Filesis writable without elevated privileges. Which is also alarming.
I was doing some development work, so I ran all editions of Firefox (stable/Nightly/Developer) using an account that has UAC disabled.
| Assignee | ||
Comment 21•1 year ago
|
||
Alright, I think I have tracked down the source of the problem. It actually has to do with exactly this:
I ran all editions of Firefox (stable/Nightly/Developer) using an account that has UAC disabled.
Usually, the updater runs unelevated initially and then, if necessary, it starts another instance of the updater with elevated privileges to operate on the installed files. The elevated updater saves its output (status, logs, etc) to another privileged directory. Then, when it exits, the unelevated updater examines its output to complete the final stages of the update.
But when we made this change, we changed how the updater detects if it is the first update process or the second one. We made the assumption that if the process has administrator privileges, it must be the second process run. This means that, in your case, the updater immediately thinks it is running for the second time. This causes it not to (a) on launch, change the status to show that the update is in-progress, (b) write its final status back to the original status file, or (c) start Firefox again after it exits. Normally the first updater process would do all of those things. Since we never change the status file, every time Firefox launches, it thinks it is seeing that update for the first time. And combined with missing behavior (c), this means that Firefox never launches successfully.
The audience for this is probably small because it requires that your account be set up in an unusual way. But the effect is to completely break Firefox in a way that requires either technical knowledge or reinstallation to recover from, and the trigger is updating completely normally. So this is a serious issue. I will try to get a patch up for this ASAP.
Chua Chee Wee, thank you for reporting this.
Comment 22•1 year ago
|
||
:nrishel, since you are the author of the regressor, bug 1917536, could you take a look?
For more information, please visit BugBot documentation.
Updated•1 year ago
|
Updated•1 year ago
|
| Reporter | ||
Comment 23•1 year ago
|
||
But when we made this change, we changed how the updater detects if it is the first update process or the second one. We made the assumption that if the process has administrator privileges, it must be the second process run. This means that, in your case, the updater immediately thinks it is running for the second time. This causes it not to (a) on launch, change the status to show that the update is in-progress, (b) write its final status back to the original status file, or (c) start Firefox again after it exits. Normally the first updater process would do all of those things. Since we never change the status file, every time Firefox launches, it thinks it is seeing that update for the first time. And combined with missing behavior (c), this means that Firefox never launches successfully.
Thanks for explaining this and letting me understand Firefox better, and it was interesting to read the code referred above, and I see you have code to detect whether the process is launched under an admin account with UAC disabled.
I looked at the error log in the other ticket, 1922920 and it appears to contain the same content as mine!
Could you help me understand why the change referred above, was made?
Thank you!
| Assignee | ||
Comment 24•1 year ago
|
||
(In reply to Chua Chee Wee from comment #23)
Could you help me understand why the change referred above, was made?
I'm afraid that since Bug 1917536 is still marked as secure, I can't really get into it.
| Assignee | ||
Updated•1 year ago
|
| Assignee | ||
Updated•1 year ago
|
Comment 26•1 year ago
|
||
I've pushed a backout of bug 1917536 to the Beta branch for tomorrow's 132.0b6 build while we continue to work through this regression.
| Assignee | ||
Comment 27•1 year ago
|
||
We need to add an argument to this executable, but it is made more difficult than it needs to be by the fact that we refer to arguments by number all over this code. Which, to be honest, also just makes the code harder to understand than necessary. This patch simply adds swaps out raw index values for variables in order to make this easier to understand.
There should only be one actual functionality change in this patch. This particular invocation of LaunchCallbackApp inexplicably passes the path to the callback binary as the first argument instead of the path to the callback's working directory. Presumably this is a bug.
| Assignee | ||
Comment 28•1 year ago
|
||
Note that this patch does not implement the proper usage of the argument. It reads the argument but then does nothing with it.
| Assignee | ||
Comment 29•1 year ago
|
||
Comment 30•1 year ago
|
||
After discussing with Robin, we've backed out the regressing change ahead of the next round of Nightly builds due to start shortly.
Comment 31•1 year ago
|
||
We won't be attempting to re-land the patch that caused this regression this cycle. Updating the tracking flags accordingly.
Updated•1 year ago
|
Updated•1 year ago
|
| Assignee | ||
Comment 32•1 year ago
|
||
Updated•1 year ago
|
| Assignee | ||
Comment 33•1 year ago
|
||
This patch basically reimplements this functionality (removed in Bug 1917536), but using the mechanism introduced by Bug 1923376 to convey which invocation the updater should run as.
| Assignee | ||
Updated•1 year ago
|
Updated•1 year ago
|
| Reporter | ||
Updated•1 year ago
|
| Assignee | ||
Updated•1 year ago
|
| Assignee | ||
Updated•1 year ago
|
| Assignee | ||
Comment 34•1 year ago
|
||
I'm not really sure why you closed this bug. I am still working on a patch. The bug will be automatically closed when it merges.
Updated•1 year ago
|
Comment 35•1 year ago
|
||
Setting Fx133 to disabled since Bug 1917536 was backed out before Fx133 went to beta
Updated•1 year ago
|
Comment 36•1 year ago
|
||
Comment 37•1 year ago
|
||
Backed out for causing build bustages @updater.cpp.
| Assignee | ||
Comment 38•1 year ago
|
||
I think I addressed the problem. Re-merging.
Updated•1 year ago
|
Comment 39•1 year ago
|
||
Comment 40•1 year ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/258949ba2ec4
https://hg.mozilla.org/mozilla-central/rev/5b26561eae74
https://hg.mozilla.org/mozilla-central/rev/7d71532633b3
https://hg.mozilla.org/mozilla-central/rev/f133a856cc4a
https://hg.mozilla.org/mozilla-central/rev/f538ea57a5f9
Comment 41•1 year ago
•
|
||
Backed out alongside Bug 1917536 for causing bustage @ updater.cpp in mozilla-central
Updated•1 year ago
|
Comment 42•1 year ago
|
||
Backout merged to central: https://hg.mozilla.org/mozilla-central/rev/7dc4f9a38ea9
Comment 43•1 year ago
|
||
Comment 44•1 year ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/950417640ee4
https://hg.mozilla.org/mozilla-central/rev/a01206f5887c
https://hg.mozilla.org/mozilla-central/rev/4e87e80d48fd
https://hg.mozilla.org/mozilla-central/rev/4c7c00c2a9eb
https://hg.mozilla.org/mozilla-central/rev/e8abed69355a
Comment 45•1 year ago
|
||
We should get extra QA smoke testing around Nightly updates for this and bug 1917536.
Updated•1 year ago
|
(In reply to Ryan VanderMeulen [:RyanVM] from comment #45)
We should get extra QA smoke testing around Nightly updates for this and bug 1917536.
We are done with the testing from bug 1917536 where we also covered a few scenarios with admin user and no UAC and we did not find any issues updating to latest Beta version.
Comment 47•1 year ago
|
||
Backed out for 135.0rc1 while the investigation of bug 1937806 continues.
https://hg.mozilla.org/releases/mozilla-release/rev/983c92bf7d784b40684da7409a2f72d69a14eec0
Comment 48•1 year ago
|
||
Backed out from 136 beta for causing bug 1945654 preventing shipping beta 1.
Updated•1 year ago
|
Comment 49•1 year ago
•
|
||
When uplifting this, Bug 1946084 and Bug 1945654 will be required on ESR128/ESR115
Comment 50•1 year ago
|
||
We need to add an argument to this executable, but it is made more difficult than it needs to be by the fact that we refer to arguments by number all over this code. Which, to be honest, also just makes the code harder to understand than necessary. This patch simply swaps out raw index values for variables in order to make this easier to understand.
There should only be one actual functionality change in this patch. This particular invocation of LaunchCallbackApp inexplicably passes the path to the callback binary as the first argument instead of the path to the callback's working directory. Presumably this is a bug.
Original Revision: https://phabricator.services.mozilla.com/D225420
Updated•1 year ago
|
Comment 51•1 year ago
|
||
Note that this patch does not implement the proper usage of the argument. It reads the argument but then does nothing with it.
Original Revision: https://phabricator.services.mozilla.com/D225421
Updated•1 year ago
|
Comment 52•1 year ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D225742
Updated•1 year ago
|
Comment 53•1 year ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D225422
Updated•1 year ago
|
Comment 54•1 year ago
|
||
This patch basically reimplements this functionality (removed in Bug 1917536), but using the mechanism introduced by Bug 1923376 to convey which invocation the updater should run as.
Original Revision: https://phabricator.services.mozilla.com/D225743
Updated•1 year ago
|
Comment 55•1 year ago
|
||
We need to add an argument to this executable, but it is made more difficult than it needs to be by the fact that we refer to arguments by number all over this code. Which, to be honest, also just makes the code harder to understand than necessary. This patch simply swaps out raw index values for variables in order to make this easier to understand.
There should only be one actual functionality change in this patch. This particular invocation of LaunchCallbackApp inexplicably passes the path to the callback binary as the first argument instead of the path to the callback's working directory. Presumably this is a bug.
Original Revision: https://phabricator.services.mozilla.com/D225420
Updated•1 year ago
|
Comment 56•1 year ago
|
||
Note that this patch does not implement the proper usage of the argument. It reads the argument but then does nothing with it.
Original Revision: https://phabricator.services.mozilla.com/D225421
Updated•1 year ago
|
Comment 57•1 year ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D225742
Updated•1 year ago
|
Comment 58•1 year ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D225422
Updated•1 year ago
|
Comment 59•1 year ago
|
||
This patch basically reimplements this functionality (removed in Bug 1917536), but using the mechanism introduced by Bug 1923376 to convey which invocation the updater should run as.
Original Revision: https://phabricator.services.mozilla.com/D225743
Updated•1 year ago
|
Comment 60•1 year ago
|
||
This bug is backed out on 137 beta, thanks.
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Comment 61•1 year ago
|
||
| uplift | ||
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
Comment 62•1 year ago
|
||
| uplift | ||
Updated•1 year ago
|
Updated•1 year ago
|
Updated•1 year ago
|
After discussing on slack with :nrishel there will be no manual QA needed here due to complications, we'll rely on automated tests. Dropping qa-verify+
Description
•