Closed
Bug 535514
Opened 15 years ago
Closed 10 years ago
Automatic Update allows update on Vista and above for account that is not a member of the admin group and is a member of another group.
Categories
(Toolkit :: Application Update, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: firefly4321, Unassigned)
Details
Attachments
(4 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
This is a really annoying bug with firefox that happen every Automatic Update that if a normal user is logged on and firefox already download an update for that user So the Firefox updater is reader to install the new update. However since this is a regular user they wouldn't be able to install this update.
Now later on an Administrator logged in. Updated firefox, logout or restart the computer.
When the regular user logged in again firefox will attempt to run the already downloaded update even though firefox is already updated to the latest version!!!
It would be nice if the updater recheck the version before it try to run again.
Reproducible: Always
Steps to Reproduce:
1. Install an older version of firefox.
2. Log in as a user. Click Check for update. Wait for the update to finish download. Don't do the update, you can't anyway you are not the admin. Save the firefox session and logout.
3. Log in as Admin, perform the update to the latest version/logoff or restart
3. Log in as the regular user again. Start firefox.
Actual Results:
Firefox still try to run the update.
Expected Results:
Firefox shouldn't attempt to run the update again. It's already been updated!
It would be nice if the updater recheck the version before it try to run again.
I think it's pretty major since this update get stuck in an infinite loop.
Updated•15 years ago
|
Component: Installer → Application Update
Product: Firefox → Toolkit
QA Contact: installer → application.update
Updated•15 years ago
|
Version: unspecified → 1.9.1 Branch
Comment 1•15 years ago
|
||
Please attach the file install.log from the installation directory
Updated•15 years ago
|
Attachment #418125 -
Attachment mime type: application/octet-stream → text/plain
Comment 3•15 years ago
|
||
Is the regular user a member of the administrators group and do you have UAC enabled?
regular user is not in the administrator group. UAC is active.
Comment 5•15 years ago
|
||
Typically on Vista a user that isn't in the administrators group will not have the check for updates menuitem enabled and they won't download updates which I just verified. Now we just have to figure out what is different about your system that is getting by these checks. Have you changed permissions on the installation directory or the program files directory? Can you think of anything different that may cause this?
That's interesting. I didn't know that the menu suppose to gray out. I added that step to help reproduce the bug. Perhaps what happened is that I have automatic updated checked. (It's checked by default...)
So the update menu item might be grade out before that however the automatic update still pull down the files anyway. After the update file is download, that menu item is active, and it's changed to Apply Download Update now even though the system is already updated.
I will attach two screen shot of this
Also I am running Windows 7.
The Apply Update is currently active even though I logged on as a regular user with the latest update.
I just verified that the Check For Updates is also active on one of my other system even though I am current logged on as a regular user.
Perhaps this is because I am running Windows 7 and that's why the Update program failed to set that bit.
Comment 10•15 years ago
|
||
I also have Win7 and the menuitem is disabled with a regular user account for me.
Try deleting from your regular user account the following directory
%LOCALAPPDATA%\Mozilla\Firefox\Mozilla Firefox\
then start Firefox and check if the menuitem is disabled
Comment 11•15 years ago
|
||
btw: %LOCALAPPDATA%\Mozilla\Firefox\Mozilla Firefox\ is the same as
C:\Users\<username>\AppData\Local\Mozilla\Firefox\Mozilla Firefox\
Reporter | ||
Comment 12•15 years ago
|
||
I tried that with same result. The menu item is still active.
Reporter | ||
Comment 13•15 years ago
|
||
Just a thought, not sure if it will make a different.
Under Windows Update. I have checked a box that say Allow all User to Install Update or something like that. This should only pertain to windows update but again who know
Comment 14•15 years ago
|
||
In about:config please add a new boolean of app.update.log.all with a value of true. Then restart, click the Help menu without checking for updates, and report back any messages in the error console that start with AUS:
Reporter | ||
Comment 15•15 years ago
|
||
where is the error console?
Reporter | ||
Comment 16•15 years ago
|
||
nevermind got it
Reporter | ||
Comment 17•15 years ago
|
||
Is there an easy way for me to copy all the value?
Comment 18•15 years ago
|
||
For the values starting with AUS: you can right click and select copy but there is no way to copy them except one at a time
Reporter | ||
Comment 19•15 years ago
|
||
AUS:SVC UpdateService:canUpdate - testing C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\update.test
AUS:SVC UpdateService:canUpdate - testing C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.test
AUS:SVC UpdateService:canUpdate - windowsVersion = 6.1
AUS:SVC UpdateService:canUpdate - on Vista, userCanElevate: true
AUS:SVC UpdateService:canUpdate - able to update
AUS:SVC General:readStringFromFile - file doesn't exist: C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
AUS:SVC General:readStatusFile - status: null, path: C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status
AUS:SVC UpdateService:_postUpdateProcessing - no status, no update
AUS:SVC UpdateManager:_loadXMLFileIntoArray: XML file does not exist
Reporter | ||
Comment 20•15 years ago
|
||
So as far as firefox is concern windows 7 is just "Vista" MS gonna cry now :)
Comment 21•15 years ago
|
||
It looks like the OS is reporting that you are able to elevate to admin. Is your regular user account a member of a group besides Users?
Reporter | ||
Comment 22•15 years ago
|
||
I think we are getting somewhere.
Yes
Remote Desktop Users and Network Configuration Operators.
Reporter | ||
Comment 23•15 years ago
|
||
Actually I think that is the bug right there.
Right now firefox think that
Able to elevate != can update, but infact this is not true in all cases.
Able to elevate mean user might be able to update. Hence in the case that user might not be able to update we need a fall back mechanism. So we probably just need to add another flag that prevent the update from running again and again if the user choose to cancel if they don't have the password to elevate the permission.
Reporter | ||
Comment 24•15 years ago
|
||
I made an error in my previous comment.
Actually I think that is the bug right there.
Right now firefox think that
Able to elevate == can update, but infact this is not true in all cases.
Able to elevate mean user might be able to update. Hence in the case that user
might not be able to update we need a fall back mechanism. So we probably just
need to add another flag that prevent the update from running again and again
if the user choose to cancel if they don't have the password to elevate the
permission.
Reporter | ||
Comment 25•15 years ago
|
||
Right now user have no way to cancel this process... I proposed that we should add a cancel button to this dialog.
Secondly, I think that we should also do a version check prior to run the update.
If update version == current version perhaps we should ask the user if they want to do a force update?
Comment 26•15 years ago
|
||
Adding a cancel button is an already filed bug.
Checking version == current would break nightly builds.
Summary: Automatic Update keep trying to update even if firefox is already updated → Automatic Update allows update on Vista and above for account that is not a member of the admin group and is a member of another group.
Reporter | ||
Comment 27•15 years ago
|
||
Thanks Robert for keeping on top of things. I did not know adding cancel is already a filled bug.
I wonder how checking version = current would break nightly builds could you share some insight on this when you have time?
If that is the case how about we do this. Since if the user can elevate that mean they might or might not be able to run the update. However either way it would require the user intervention anyway. So I propose
if user can elevate = true
set automatic update = false
set update notification = true (I don't know if this is in place already or not)
So we'll let them know hey, there is a new version do you want to update or not?
Comment 28•15 years ago
|
||
(In reply to comment #27)
> Thanks Robert for keeping on top of things. I did not know adding cancel is
> already a filled bug.
>
> I wonder how checking version = current would break nightly builds could you
> share some insight on this when you have time?
Nightly builds have the same version number as the previous nightly until there is a version change for an alpha or beta.
> If that is the case how about we do this. Since if the user can elevate that
> mean they might or might not be able to run the update. However either way it
> would require the user intervention anyway. So I propose
>
> if user can elevate = true
> set automatic update = false
> set update notification = true (I don't know if this is in place already or
> not)
> So we'll let them know hey, there is a new version do you want to update or
> not?
That makes the assumption that saying no to one update is saying no to future updates.
I'll be working on changing the update process 1st quarter 2010 which will change this specific behavior so it will likely be fixed then.
btw: notifications for non-privileged users was recently fixed in regards to "hey, there is a new version".
Reporter | ||
Comment 29•15 years ago
|
||
Sound good, thanks again Robert. I appreciate the work you guys are doing.
That makes the assumption that saying no to one update is saying no to future
updates.
I think we should keep bugging the users every time there is a new version...
Comment 30•10 years ago
|
||
With the maintenance service and version checks added awhile ago this is wfm.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•