"A newer, safer version is available" shows even if there isn't and plugins don't get it at all

VERIFIED FIXED in mozilla1.9.3a1

Status

()

Toolkit
Add-ons Manager
P2
normal
VERIFIED FIXED
9 years ago
9 years ago

People

(Reporter: Dave Garrett, Assigned: Unfocused)

Tracking

({ue, verified1.9.2})

1.9.2 Branch
mozilla1.9.3a1
ue, verified1.9.2
Points:
---
Bug Flags:
blocking1.9.2 +

Firefox Tracking Flags

(status1.9.2 beta2-fixed, status1.9.1 unaffected)

Details

Attachments

(2 attachments)

(Reporter)

Description

9 years ago
In Firefox 3.5 with a blocklisted extension, in the Add-ons Manager you see either "Disabled for your protection" (hard) or "Known to cause security or stability issues" (soft). In latest Namoroka or Minefield, extensions (but not plugins) also have "A newer, safer version is available" shown for both. This shows even if there is not a newer version available.

To reproduce, you can use the testcase noted in bug 523133 comment 0 (from bug 455906) with the addition of DOM Inspector and FireGestures installed. (the given blocks are absolute, so as long as you install the current version there won't be an update available for either)

Extensions have an update system built in. It should only be saying this if it detects that in fact a "newer, safer version" that's not blocklisted is actually available. In the absence of that knowledge, it should at least say "may be available" because it doesn't actually know. (yes, we would like that we only blocklist when an update is available to migrate to, but that isn't guaranteed) Saying "is" instead of "may be" could easily mislead some users. If I got a dire sounding warning and a blocked extension labeled to have a safe update, I'd certainly be confused if pressing the "Find Updates" button right below it did nothing.

Additionally, this should be applied to plugins as equally as possible. Using the same test it will block Flash and not show this added phrase even if an old Flash version is used. (I can file this bug separately, if needed)
That message should never show for extensions, only plugins. The wording is correct (and accurate) though - it should only display for plugins marked as outdated (known to have a newer version).

For blocklisted plugins, there may or may not be a newer version. No such upgrade message currently displays for that case; but if it were to be added, it would indeed need to be phrased differently.

Patch coming up.
Assignee: nobody → bmcbride
Status: NEW → ASSIGNED
Flags: blocking1.9.2?
For clarification: By "outdated", I mean the blocklist item for the plugin has a severity of "0". The testcase mentioned here only has items with other severity levels, therefore no plugins are marked as outdated and this message never shows.
Created attachment 408818 [details] [diff] [review]
Patch v1
Attachment #408818 - Flags: review?(dtownsend)
(Reporter)

Comment 4

9 years ago
Ah, simple enough. That makes perfect sense, thanks.
(Reporter)

Comment 5

9 years ago
Created attachment 408842 [details]
test blocklist

I'm attaching a new testcase with a severity=0 plugin (Flash). With the patch, the progression once this blocklist is updated is to block the other two in the list normally without mentioning Flash, then on restart the Manager has the "newer, safer" note for Flash but not the others, and I'm now taken to the plugin check page automatically. This seems to be the full intended route working nicely now.
Attachment #408818 - Flags: review?(dtownsend) → review+
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
(Reporter)

Updated

9 years ago
status1.9.1: --- → unaffected
(In reply to comment #5)
> Created an attachment (id=408842) [details]
> test blocklist
> 
> I'm attaching a new testcase with a severity=0 plugin (Flash). With the patch,
> the progression once this blocklist is updated is to block the other two in the
> list normally without mentioning Flash, then on restart the Manager has the
> "newer, safer" note for Flash but not the others, and I'm now taken to the
> plugin check page automatically. This seems to be the full intended route
> working nicely now.

Excellent - thanks :)
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/d369e1b4085a
leaving checkin-needed for 1.9.2
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a1
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/f334cd9548cd
status1.9.2: --- → final-fixed
Keywords: checkin-needed

Comment 9

9 years ago
hi, to clarify, is the fix here to block the text for extensions that are on the blocklist.xml file?   Trying to determine what needs testing here.
(In reply to comment #9)
> hi, to clarify, is the fix here to block the text for extensions that are on
> the blocklist.xml file?   Trying to determine what needs testing here.

Yes. The only time the phrase "A newer, safer version is available" should show is for plugins that are marked as outdated (severity=0 in blocklist.xml).
(In reply to comment #10)
> Yes. The only time the phrase "A newer, safer version is available" should show
> is for plugins that are marked as outdated (severity=0 in blocklist.xml).

Okay great.  it looks like the bug also happens when the plugin severity is set to 2 or 3 also.   I'll verify this fix in trunk and branch on the next build.
Verified fix on Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b3pre) Gecko/20091109 Namoroka/3.6b3pre and trunk also.
Status: RESOLVED → VERIFIED
Keywords: verified1.9.2
You need to log in before you can comment on or make changes to this bug.