Closed Bug 797676 Opened 12 years ago Closed 8 years ago

Warn the user when we know or suspect that the system time is wrong

Categories

(Core Graveyard :: Security: UI, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1267229

People

(Reporter: briansmith, Unassigned)

Details

(Whiteboard: [parity-chrome])

+++ This bug was initially created as a clone of Bug #783757 +++

Generally, users upgrade their Firefox every 6 weeks(ish). We know what time we built the Firefox binary that we ship.

If the current system time is before the time we built Firefox, we *know* the system time is wrong. [Insert time travel joke here.] My hypothesis is that the system time is almost always wrong in the past direction, because (a) computers tend to reset the time to earlier times when they have power issues, (b) there are some users who intentionally set their system time back in the past, e.g. to try to circumvent some time-limited software copy protection mechanisms (though this rarely works anymore, as software vendors became smarter about preventing this). Accordingly, if we detect that the system time is definitely wrong in the past direction, then we should tell the user about the problem and help them fix it (e.g. by providing a link to the app that lets them fix the system time), instead of complaining about a problem with the certificate.

Also, if the user hasn't upgraded their Firefox in the last 12 weeks, it is definitely out of date and probably has significant security issues that need to be fixed with an upgrade right away. So, if the current system time appears to be <build time> + 12 weeks or more in the future, that is a good indication that the system time is wrong in the future direction, or the user is having some trouble with Firefox's automatic updates. In that case, it's a good idea to warn the user that their Firefox is out of date and/or the time is wrong, and help them fix the system time (e.g. by linking to the system time adjustment app) and/or download a new Firefox.

Further, there are lots of things that we regularly download from mozilla.org that include an even more precise approximation of the system time. These timestamps are protected by digital signatures, so we can generally rely on them being accurate.

See bug 783757 for how this type of enhancement could improve the usability of certificate error pages. However, I doubt that SSL certificate error detection is not the only security-sensitive use of the system time. Having the wrong system time can cause us to give the user old (perhaps dangerous) content from our HTTP cache. (Old cached content is a problem not only for security, but causes "Firefox doesn't work"-itis.) Also, perhaps if/how/when we check for Firefox update is negatively impacted by having a bad system time. I am sure there are more cases too.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
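
The checks described in the report, sketched as an added example (not Firefox code and not the reporter's). The function names and return strings are hypothetical, and only the 12-week threshold comes from the text above.

```javascript
// Added example. All times are milliseconds since the epoch; every name here
// is hypothetical. Only the 12-week threshold is taken from the bug report.
const WEEK_MS = 7 * 24 * 60 * 60 * 1000;
const STALE_AFTER_MS = 12 * WEEK_MS;

// buildTime: when this binary was built. signedTimes: timestamps taken from
// downloads whose signatures verified (may be empty).
function classifyClock(now, buildTime, signedTimes = []) {
  // The newest trusted timestamp is the tightest lower bound on the real time.
  const floor = Math.max(buildTime, ...signedTimes);
  if (now < floor) return { verdict: "clock-behind", floor };
  if (now >= buildTime + STALE_AFTER_MS) {
    return { verdict: "clock-ahead-or-build-stale", floor };
  }
  return { verdict: "plausible", floor };
}

// Choose the explanation for a certificate validity-period failure. The
// connection stays blocked in every case; only the message shown changes.
function explainValidityFailure(now, cert, buildTime, signedTimes = []) {
  const { verdict } = classifyClock(now, buildTime, signedTimes);
  if (now < cert.notBefore) {
    // A clock running ahead cannot make a certificate look not-yet-valid,
    // so the clock is blamed only when it is known to be behind.
    return verdict === "clock-behind" ? "fix-system-time" : "certificate-error";
  }
  if (now > cert.notAfter) {
    // If the clock is behind, real time is later still, so the certificate
    // really has expired. Only a clock that may be ahead explains this.
    return verdict === "clock-ahead-or-build-stale"
      ? "fix-system-time-or-update"
      : "certificate-error";
  }
  return "no-validity-failure";
}

// Constructed sample values, not taken from the bug.
const sampleBuild = Date.UTC(2012, 9, 1);
const sampleCert = {
  notBefore: sampleBuild - 4 * WEEK_MS,
  notAfter: sampleBuild + 40 * WEEK_MS,
};
console.log(explainValidityFailure(sampleBuild - 10 * WEEK_MS, sampleCert, sampleBuild));
```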