Closed Bug 535514 Opened 15 years ago Closed 10 years ago

Automatic Update allows update on Vista and above for account that is not a member of the admin group and is a member of another group.

Categories

(Toolkit :: Application Update, defect)

Product:
Toolkit
Component:
Application Update
Version:
1.9.1 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: firefly4321, Unassigned)

Details

Attachments

(4 files)

install log
45.78 KB, text/plain
Details
about box
101.23 KB, image/png
Details
update
130.58 KB, image/png
Details
Firefox update dialog
40.65 KB, image/png
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 This is a really annoying bug with firefox that happen every Automatic Update that if a normal user is logged on and firefox already download an update for that user So the Firefox updater is reader to install the new update. However since this is a regular user they wouldn't be able to install this update. Now later on an Administrator logged in. Updated firefox, logout or restart the computer. When the regular user logged in again firefox will attempt to run the already downloaded update even though firefox is already updated to the latest version!!! It would be nice if the updater recheck the version before it try to run again. Reproducible: Always Steps to Reproduce: 1. Install an older version of firefox. 2. Log in as a user. Click Check for update. Wait for the update to finish download. Don't do the update, you can't anyway you are not the admin. Save the firefox session and logout. 3. Log in as Admin, perform the update to the latest version/logoff or restart 3. Log in as the regular user again. Start firefox. Actual Results: Firefox still try to run the update. Expected Results: Firefox shouldn't attempt to run the update again. It's already been updated! It would be nice if the updater recheck the version before it try to run again. I think it's pretty major since this update get stuck in an infinite loop.
Component: Installer → Application Update
Product: Firefox → Toolkit
QA Contact: installer → application.update
Version: unspecified → 1.9.1 Branch
Please attach the file install.log from the installation directory
Attached file install log
Attachment #418125 - Attachment mime type: application/octet-stream → text/plain
Is the regular user a member of the administrators group and do you have UAC enabled?
regular user is not in the administrator group. UAC is active.
Typically on Vista a user that isn't in the administrators group will not have the check for updates menuitem enabled and they won't download updates which I just verified. Now we just have to figure out what is different about your system that is getting by these checks. Have you changed permissions on the installation directory or the program files directory? Can you think of anything different that may cause this?
That's interesting. I didn't know that the menu suppose to gray out. I added that step to help reproduce the bug. Perhaps what happened is that I have automatic updated checked. (It's checked by default...) So the update menu item might be grade out before that however the automatic update still pull down the files anyway. After the update file is download, that menu item is active, and it's changed to Apply Download Update now even though the system is already updated. I will attach two screen shot of this Also I am running Windows 7.
Attached image about box
Attached image update
The Apply Update is currently active even though I logged on as a regular user with the latest update.
I just verified that the Check For Updates is also active on one of my other system even though I am current logged on as a regular user. Perhaps this is because I am running Windows 7 and that's why the Update program failed to set that bit.
I also have Win7 and the menuitem is disabled with a regular user account for me. Try deleting from your regular user account the following directory %LOCALAPPDATA%\Mozilla\Firefox\Mozilla Firefox\ then start Firefox and check if the menuitem is disabled
btw: %LOCALAPPDATA%\Mozilla\Firefox\Mozilla Firefox\ is the same as C:\Users\<username>\AppData\Local\Mozilla\Firefox\Mozilla Firefox\
I tried that with same result. The menu item is still active.
Just a thought, not sure if it will make a different. Under Windows Update. I have checked a box that say Allow all User to Install Update or something like that. This should only pertain to windows update but again who know
In about:config please add a new boolean of app.update.log.all with a value of true. Then restart, click the Help menu without checking for updates, and report back any messages in the error console that start with AUS:
where is the error console?
nevermind got it
Is there an easy way for me to copy all the value?
For the values starting with AUS: you can right click and select copy but there is no way to copy them except one at a time
AUS:SVC UpdateService:canUpdate - testing C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\update.test AUS:SVC UpdateService:canUpdate - testing C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.test AUS:SVC UpdateService:canUpdate - windowsVersion = 6.1 AUS:SVC UpdateService:canUpdate - on Vista, userCanElevate: true AUS:SVC UpdateService:canUpdate - able to update AUS:SVC General:readStringFromFile - file doesn't exist: C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status AUS:SVC General:readStatusFile - status: null, path: C:\Users\Hummy\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\update.status AUS:SVC UpdateService:_postUpdateProcessing - no status, no update AUS:SVC UpdateManager:_loadXMLFileIntoArray: XML file does not exist
So as far as firefox is concern windows 7 is just "Vista" MS gonna cry now :)
It looks like the OS is reporting that you are able to elevate to admin. Is your regular user account a member of a group besides Users?
I think we are getting somewhere. Yes Remote Desktop Users and Network Configuration Operators.
Actually I think that is the bug right there. Right now firefox think that Able to elevate != can update, but infact this is not true in all cases. Able to elevate mean user might be able to update. Hence in the case that user might not be able to update we need a fall back mechanism. So we probably just need to add another flag that prevent the update from running again and again if the user choose to cancel if they don't have the password to elevate the permission.
I made an error in my previous comment. Actually I think that is the bug right there. Right now firefox think that Able to elevate == can update, but infact this is not true in all cases. Able to elevate mean user might be able to update. Hence in the case that user might not be able to update we need a fall back mechanism. So we probably just need to add another flag that prevent the update from running again and again if the user choose to cancel if they don't have the password to elevate the permission.
Attached image Firefox update dialog
Right now user have no way to cancel this process... I proposed that we should add a cancel button to this dialog. Secondly, I think that we should also do a version check prior to run the update. If update version == current version perhaps we should ask the user if they want to do a force update?
Adding a cancel button is an already filed bug. Checking version == current would break nightly builds.
Summary: Automatic Update keep trying to update even if firefox is already updated → Automatic Update allows update on Vista and above for account that is not a member of the admin group and is a member of another group.
Thanks Robert for keeping on top of things. I did not know adding cancel is already a filled bug. I wonder how checking version = current would break nightly builds could you share some insight on this when you have time? If that is the case how about we do this. Since if the user can elevate that mean they might or might not be able to run the update. However either way it would require the user intervention anyway. So I propose if user can elevate = true set automatic update = false set update notification = true (I don't know if this is in place already or not) So we'll let them know hey, there is a new version do you want to update or not?
(In reply to comment #27) > Thanks Robert for keeping on top of things. I did not know adding cancel is > already a filled bug. > > I wonder how checking version = current would break nightly builds could you > share some insight on this when you have time? Nightly builds have the same version number as the previous nightly until there is a version change for an alpha or beta. > If that is the case how about we do this. Since if the user can elevate that > mean they might or might not be able to run the update. However either way it > would require the user intervention anyway. So I propose > > if user can elevate = true > set automatic update = false > set update notification = true (I don't know if this is in place already or > not) > So we'll let them know hey, there is a new version do you want to update or > not? That makes the assumption that saying no to one update is saying no to future updates. I'll be working on changing the update process 1st quarter 2010 which will change this specific behavior so it will likely be fixed then. btw: notifications for non-privileged users was recently fixed in regards to "hey, there is a new version".
Sound good, thanks again Robert. I appreciate the work you guys are doing. That makes the assumption that saying no to one update is saying no to future updates. I think we should keep bugging the users every time there is a new version...
With the maintenance service and version checks added awhile ago this is wfm.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: