Closed Bug 593571 Opened 10 years ago Closed 8 years ago

Support signed updates in Thunderbird


(Thunderbird :: Preferences, defect)

Not set


(thunderbird15+ fixed, thunderbird16+ fixed, thunderbird-esr1015+ fixed)

Thunderbird 17.0
Tracking Status
thunderbird15 + fixed
thunderbird16 + fixed
thunderbird-esr10 15+ fixed


(Reporter: standard8, Assigned: standard8)




(1 file)

Bug 583408 added a few default prefs, see that bug and bug 593135 for some of the things we need to pull across.
Hi Mark, I moved this over to preferences since that is all that needs to be added to implement this and it has nothing to do with the installer code.
Component: Installer → Preferences
QA Contact: installer → preferences
Depends on: 745536
Assignee: nobody → mbanner
Attached patch The fixSplinter Review
This ports the necessary work of the dependent bugs to Thunderbird. Now we're on aus3, this is much easier, as it is just a matter of matching Firefox's prefs.

I've been running with these set manually for a month or so now (and Ludovic also ran for a bit) and its been fine, so I think we should just get on and do this and make our updates even more secure.

In the patch I also moved a couple of prefs just to match closer the diffs to the ones in the firefox.js file.

I'll be looking to get this into the beta on Tuesday, so that we've a couple of cycles to test it.
Attachment #648795 - Flags: review?(irving)
Comment on attachment 648795 [details] [diff] [review]
The fix

Review of attachment 648795 [details] [diff] [review]:

The preferences look fine, and my trunk Thunderbird loads without complaint with this patch applied, but there's not much more I can say about it without testing against an update server (beyond just clicking "check for updates" and having it reply "none found", which I did try).

Do you know if the Firefox team has a test harness for this including servers with bad certificates, incorrectly signed updates, etc?
Attachment #648795 - Flags: review?(irving) → review+
These changes are only for the cert attribute check when checking for an update and there are toolkit tests under

Checked in:
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 17.0
Comment on attachment 648795 [details] [diff] [review]
The fix

[Triage Comment]
I want to deploy this everywhere as an additional security layer for updates.
Attachment #648795 - Flags: approval-comm-esr10+
Attachment #648795 - Flags: approval-comm-beta+
Attachment #648795 - Flags: approval-comm-aurora+
Unfortunately, this patch broke updates through our locally hosted Thunderbird ESR update server. See bug 800307.
You need to log in before you can comment on or make changes to this bug.