Closed Bug 868746 Opened 7 years ago Closed 7 years ago

Installer should quote the 'uninstallstring' registry value in case a non OS builtin app uses the value

Categories: Firefox :: Installer, defect, trivial

Platform: x86, Windows 7
Priority: Not set

Status: RESOLVED FIXED
Target Milestone: Firefox 23

People: (Reporter: stefan.kanthak, Assigned: robert.strong.bugs)

Attachments: (1 file)

User Agent: Opera/9.80 (Windows NT 5.0; U; de) Presto/2.10.289 Version/12.02

Steps to reproduce:

Install Mozilla Firefox or Mozilla Thunderbird or Mozilla Seamonkey


Actual results:

Installer creates vulnerable command line(s) with unquoted spaces

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla <something>]
"UninstallString"="C:\Program Files\Mozilla <something>\uninstall\helper.exe"


Expected results:

ALL command lines containing spaces in paths MUST be properly quoted!
Component: General → Installer
Product: Core → Firefox
Stefan, have you actually verified that the value of UninstallString when it is unquoted is actually vulnerable? If not, please do so and report back. Thanks!
regarding comment #1
Flags: needinfo?(stefan.kanthak)
(In reply to Robert Strong [:rstrong] (do not email) from comment #1)
> Stefan, have you actually verified that the value of UninstallString when it
> is unquoted is actually vulnerable? If not, please do so and report back.
> Thanks!

Create a copy of NOTEPAD.EXE as C:\Program.exe and/or "C:\Program Files\Mozilla.exe" and start the uninstallation of a Mozilla product.

Cf. <https://support.microsoft.com/kb/2781197> alias
<http://technet.microsoft.com/security/bulletin/ms13-034>
or <http://seclists.org/fulldisclosure/2013/May/10> for the
same problem.
Flags: needinfo?(stefan.kanthak)
With Win7 64 bit and installations of both 32 and 64 bit Firefox and following the instructions in comment #3 I was unable to reproduce. I recall checking this several years ago and was unable to reproduce back then as well. I suspect that when uninstalling from Add / Remove Programs or Programs and Features Windows itself mitigates this.

Can you provide specific steps on how you are able to reproduce this along with the Windows OS version? Thanks
FWIW I worked on a similar bug related to Open Web Apps on Windows, and wasn't able to reproduce the issue.

If this is to be fixed in the Firefox installer/uninstaller, it should also be fixed for Open Web Apps.

The related bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=786407
(In reply to Robert Strong [:rstrong] (do not email) from comment #4)
> With Win7 64 bit and installations of both 32 and 64 bit Firefox and
> following the instructions in comment #3 I was unable to reproduce. I recall
> checking this several years ago and was unable to reproduce back then as
> well. I suspect that when uninstalling from Add / Remove Programs or
> Programs and Features Windows itself mitigates this.

I can't confirm nor deny that ARP mitigates this. But ARP doesn't run under LocalSystem.
I saw the bug some years ago on systems where Microsoft SMS as well as Altiris were used for deployment: their deployment agents called the commands from the "UninstallStrings".

> Can you provide specific steps on how you are able to reproduce this along
> with the Windows OS version. Thanks

I haven't checked this for a long time; to mitigate this attack vector I routinely install Firefox, Thunderbird etc. since many years into C:\Programme\Mozilla\Firefox resp. C:\Programme\Mozilla\Thunderbird (you can deduce that I use Windows NT5.x, not Windows NT6.x).
After Microsoft published MS13-034 I remembered that bug in Mozilla and reported it.
I'll recheck it under Windows XP in a(n English) test system (which has "C:\Program Files\" instead of "C:\Programme\") and report back when done (I'll have to set up that system first).
(In reply to Tim Abraldes (:TimAbraldes) from comment #5)
> FWIW I worked on a similar bug related to Open Web Apps on Windows, and
> wasn't able to reproduce the issue.

As Robert suspects: Windows "Add/Remove Programs" mitigates the bug (I checked it in Windows XP and Windows Server 2003), it adds the missing quotes around the pathname of the command, but not around any parameters.

> If this is to be fixed in the Firefox installer/uninstaller, it should also
> be fixed for Open Web Apps.
> 
> The related bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=786407

Nevertheless it's a bug, ALL strings which are interpreted as command lines have to be quoted properly!
This bug will bite if users of Mozilla products use anything other than ARP to run the "UninstallString" you write to the registry.
It's certainly important to properly quote strings that will be used as command lines.  However, this string is not meant to be used as a command line directly; it is meant to be used by Windows' built-in support for removing programs.

I checked the uninstall strings of some other apps, including "Microsoft Help Viewer 1.0," "Microsoft Mouse and Keyboard Center," and "VLC media player."  None of these strings was quoted.

Since Windows' "remove programs" functionality expects unquoted strings, and since most other apps do not quote their uninstall strings, I would argue that we would be more likely to encounter bugs (and thus more vulnerable) by quoting our uninstall string than by leaving it unquoted.
I have yet to see documentation where this path requires quoting and would argue that any app that bypasses the builtin OS functionality and doesn't do the same thing as the builtin OS functionality is broken and it needs to be fixed. I have been on the receiving end of that argument where I have had to change my code to "do the right thing" more times than I can count. There are also several products that do not quote their UninstallString registry value including several Microsoft products so changing this for Firefox will have hardly any significant effect on a 3rd party app that is doing the "wrong thing". Having said that, it is a minor change that shouldn't cause any ill side effects so I don't have a problem with quotes being added as long as a small amount of research is performed to verify that no ill side effects occur.
Severity: normal → trivial
OS: Windows 2000 → Windows 7
Summary: Mozilla installer creates vulnerable "uninstallstring" on Windows → Installer should quote the 'uninstallstring' registry value in case a non OS builtin app uses the value
(In reply to Tim Abraldes (:TimAbraldes) from comment #8)
> It's certainly important to properly quote strings that will be used as
> command lines.  However, this string is not meant to be used as a command
> line directly; it is meant to be used by Windows' built-in support for
> removing programs.
> 
> I checked the uninstall strings of some other apps, including "Microsoft
> Help Viewer 1.0," "Microsoft Mouse and Keyboard Center," and "VLC media
> player."  None of these strings was quoted.

All these programs sport the same bug!

> Since Windows' "remove programs" functionality expects unquoted strings,

WRONG!
Windows' ARP has ABSOLUTELY no problem with properly quoted commands. See all the other programs "UninstallString"!

> and
> since most other apps do not quote their uninstall strings,

WRONG again.
Most programs don't show this bug!

> I would argue
> that we would be more likely to encounter bugs (and thus more vulnerable) by
> quoting our uninstall string than by leaving it unquoted.

WRONG once more: see all the properly quoted "UninstallString"s.

Guess why Microsoft fixed the "UninstallString" of their Microsoft Security Essentials?
See <http://seclists.org/fulldisclosure/2013/May/10>!
(In reply to Stefan Kanthak from comment #10)
<snip>
> Guess why Microsoft fixed the "UninstallString" of their Microsoft Security
> Essentials?
> See <http://seclists.org/fulldisclosure/2013/May/10>!
The obvious reason they fixed it in this case is that the command line also contains an argument.
(In reply to Stefan Kanthak from comment #10)
and please drop the all uppercase crap. We all have what's best for Firefox based on the facts at heart and so far the argument you are making is that all apps should quote the uninstallstring without any documentation that says they should and the actual functionality of the OS showing that it isn't required when there are no command line arguments.
(In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> I have yet to see documentation where this path requires quoting

ALL strings which can be used as command line MUST be properly quoted.

> and would
> argue that any app that bypasses the builtin OS functionality and doesn't do
> the same thing as the builtin OS functionality is broken and it needs to be
> fixed.

No. Fix those silly errors at the source.
1. it's better to be safe than sorry.
2. it's better to fail early and find such errors than to add yet another "compatibility shim" (like MSFT does way too often).

> I have been on the receiving end of that argument where I have had to
> change my code to "do the right thing" more times than I can count.

Yes, that's the problem with hiding such errors, like Microsoft did in their very finite wisdom 20 years back, when they decided to have CreateProcess() perform trial&error on unquoted command lines.

> There
> are also several

buggy.-P

> products that do not quote their UninstallString registry
> value including several Microsoft products so changing this for Firefox will
> have hardly any significant affect on a 3rd party app that is doing the
> "wrong thing".

"Ma, look, the others play foul too" is no valid argument.-(

> Having said that, it is a minor change that shouldn't cause
> any ill side effects so I don't have a problem with quotes being added as
> long as a small amount of research is performed to verify that no ill side
> effects occur.

Thanks.
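Added example (not part of the bug thread or of Mozilla's code): a Python sketch of the check this bug is about. It models the left-to-right guessing that CreateProcess() performs on an unquoted command line, lists the paths that would be tried before the real uninstaller, and quotes only the image path, which is what the thread reports ARP doing. The function names, the extension list and the SAMPLE values are assumptions constructed for illustration.

```python
import ntpath
import re

UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# Assumption of this sketch: the intended image is the first space-delimited
# prefix that ends in one of these extensions.
EXEC_EXT = (".exe", ".com", ".bat", ".cmd")


def _scan(value):
    """Return (stripped value, probe paths, index where the image path ends).

    Models CreateProcess() given an unquoted command line: the string is cut
    at each space from left to right and every prefix is tried as the program,
    with ".exe" appended when the prefix has no extension.
    """
    s = value.strip()
    probes = []
    if not s or s.startswith('"'):
        return s, probes, None           # quoted image: nothing is guessed
    for m in re.finditer(r" +|$", s):
        prefix = s[:m.start()]
        if prefix.lower().endswith(EXEC_EXT):
            return s, probes, m.start()  # reached the intended image
        leaf = ntpath.basename(prefix)
        probes.append(prefix if "." in leaf else prefix + ".exe")
    return s, probes, None               # no recognisable image name


def hijack_candidates(value):
    """Paths that would be tried before the intended image; [] if none."""
    return _scan(value)[1]


def quote_image(value):
    """Quote only the image path and leave the parameters untouched."""
    s, _, end = _scan(value)
    if end is None or " " not in s[:end]:
        return s
    return '"' + s[:end] + '"' + s[end:]


def audit(entries):
    """Map entry name -> probe paths for every value that needs quoting."""
    return {n: p for n, v in entries.items() if (p := hijack_candidates(v))}


def read_uninstall_strings():
    """Windows only: read name -> UninstallString from the HKLM Uninstall key."""
    import winreg
    found = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                try:
                    found[name] = winreg.QueryValueEx(sub, "UninstallString")[0]
                except OSError:
                    pass                 # subkey without an UninstallString
    return found


# Constructed sample values (not read from a real system).
SAMPLE = {
    "Mozilla Firefox": r"C:\Program Files\Mozilla Firefox\uninstall\helper.exe",
    "Dummy": r"C:\Program Files\Mozilla Firefox\CMD.EXE /K Echo %CMDCMDLINE%",
    "Quoted": r'"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"',
    "No spaces": r"C:\Programme\Mozilla\Firefox\uninstall\helper.exe",
    "MSI": "MsiExec.exe /X{00000000-0000-0000-0000-000000000000}",
}

if __name__ == "__main__":
    # On Windows, audit(read_uninstall_strings()) checks the live registry.
    for name, probes in audit(SAMPLE).items():
        print(name, "->", probes, "| quoted:", quote_image(SAMPLE[name]))
```

Every path in a non-empty result is a location that should not exist and should not be creatable by unprivileged users; quoting the value removes the guessing altogether.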
(In reply to Stefan Kanthak from comment #13)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> > I have yet to see documentation where this path requires quoting
> 
> ALL strings which can be used as command line MUST be properly quoted.
> 
> > and would
> > argue that any app that bypasses the builtin OS functionality and doesn't do
> > the same thing as the builtin OS functionality is broken and it needs to be
> > fixed.
> 
> No. Fix those silly errors at the source.
> 1. its better to be safe than sorry.
> 2. its better to fail early and find such errors than to add yet another
> "compatibility shim" (like MSFT does way to often).
> 
> > I have been on the receiving end of that argument where I have had to
> > change my code to "do the right thing" more times than I can count.
> 
> Yes, that's the problem with hiding such errors, like Microsoft did in their
> very finite wisdom 20 years back, when they decided to have CreateProcess()
> perform trial&error on unquoted command lines.
You missed the point. It is up to the 3rd party vendors to adhere to the documented functionality and when they try to bypass builtin functionality it is up to the 3rd party app to duplicate the same behavior.

> 
> > There
> > are also several
> 
> buggy.-P
As I have already shown they are not buggy whereas any non OS builtin app that tries to use these values in a way other than the OS builtin app are buggy.

> > products that do not quote their UninstallString registry
> > value including several Microsoft products so changing this for Firefox will
> > have hardly any significant affect on a 3rd party app that is doing the
> > "wrong thing".
> 
> "Ma, look, the others play foul too" is no valid argument.-(
The trouble with your argument is that you are claiming they are playing foul when afaict they are playing by the rules from the small amount of documentation regarding these values and 100% from the actual functionality... you just don't like the rules.
(In reply to Robert Strong [:rstrong] (do not email) from comment #11)
> (In reply to Stefan Kanthak from comment #10)
> <snip>
> > Guess why Microsoft fixed the "UninstallString" of their Microsoft Security
> > Essentials?
> > See <http://seclists.org/fulldisclosure/2013/May/10>!
> The obvious reason they fixed it in this case is that the command line also
> contains an argument.

No.
Copy CMD.EXE to "C:\Program Files\Mozilla Firefox", create the following registry entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dummy]
"DisplayName"="Dummy"
"UninstallString"="C:\\Program Files\\Mozilla Firefox\\CMD.EXE /K Echo %CMDCMDLINE%"

start ARP and uninstall "Dummy". You'll see where ARP adds the quotes.
(In reply to Robert Strong [:rstrong] (do not email) from comment #14)
> (In reply to Stefan Kanthak from comment #13)
> > (In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> > > I have yet to see documentation where this path requires quoting
> > 
> > ALL strings which can be used as command line MUST be properly quoted.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > and would
> > > argue that any app that bypasses the builtin OS functionality and doesn't do
> > > the same thing as the builtin OS functionality is broken and it needs to be
> > > fixed.
> > 
> > No. Fix those silly errors at the source.
> > 1. its better to be safe than sorry.
> > 2. its better to fail early and find such errors than to add yet another
> > "compatibility shim" (like MSFT does way to often).
> > 
> > > I have been on the receiving end of that argument where I have had to
> > > change my code to "do the right thing" more times than I can count.
> > 
> > Yes, that's the problem with hiding such errors, like Microsoft did in their
> > very finite wisdom 20 years back, when they decided to have CreateProcess()
> > perform trial&error on unquoted command lines.
> You missed the point. It is up to the 3rd party vendors to adhere to the
> documented functionality and when they try to bypass builtin functionality
> it is up to the 3rd party app to duplicate the same behavior.
> 
> > 
> > > There
> > > are also several
> > 
> > buggy.-P
> As I have already shown they are not buggy whereas any non OS builtin app
> that tries to use these values in a way other than the IS builtin app are
> buggy.
> 
> > > products that do not quote their UninstallString registry
> > > value including several Microsoft products so changing this for Firefox will
> > > have hardly any significant affect on a 3rd party app that is doing the
> > > "wrong thing".
> > 
> > "Ma, look, the others play foul too" is no valid argument.-(
> The trouble with your argument is that you are claiming they are playing
> foul when afaict they are playing by the rules from the small amount of
> documentation regarding these values and 100% from the actual
> functionality... you just don't like the rules.

Wrong.
The basic rule is: quote pathnames containing spaces in ALL strings which are used as command line.
(In reply to Stefan Kanthak from comment #15)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #11)
> > (In reply to Stefan Kanthak from comment #10)
> > <snip>
> > > Guess why Microsoft fixed the "UninstallString" of their Microsoft Security
> > > Essentials?
> > > See <http://seclists.org/fulldisclosure/2013/May/10>!
> > The obvious reason they fixed it in this case is that the command line also
> > contains an argument.
> 
> No.
> Copy CMD.EXE to "C:\Program Files\Mozilla Firefox", create the following
> registry entries:
> 
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dummy
> ]
> "DisplayName"="Dummy"
> "UninstallString"="C:\\Program Files\\Mozilla Firefox\\CMD.EXE /K Echo
> %CMDCMDLINE%"
> 
> start ARP and uninstall "Dummy". You'll see where ARP adds the quotes.
I did and as I stated it is misquoted because it has an argument(s).

(In reply to Stefan Kanthak from comment #16)
<snip>
> > > > products that do not quote their UninstallString registry
> > > > value including several Microsoft products so changing this for Firefox will
> > > > have hardly any significant affect on a 3rd party app that is doing the
> > > > "wrong thing".
> > > 
> > > "Ma, look, the others play foul too" is no valid argument.-(
> > The trouble with your argument is that you are claiming they are playing
> > foul when afaict they are playing by the rules from the small amount of
> > documentation regarding these values and 100% from the actual
> > functionality... you just don't like the rules.
> 
> Wrong.
> The basic rule is: quote pathnames containing spaces in ALL strings which
> are used as command line.
There is your problem, it isn't used as a command line... it is executed via code. Not all paths containing strings in the registry need to be quoted as I have already demonstrated and you have already confirmed.
Though it isn't about paths stored in the registry you might be interested in the tests we have for our internal creation of command lines. They also have cases where there are arguments and how it handles them and though it isn't directly applicable to the case where the UninstallString contains both a path with spaces and an argument with a little bit of imagination it does show why the quoting would be incorrect on an uninstallstring with both a path with spaces and an argument.
(In reply to Robert Strong [:rstrong] (do not email) from comment #17)
> (In reply to Stefan Kanthak from comment #15)
> > (In reply to Robert Strong [:rstrong] (do not email) from comment #11)
> > > (In reply to Stefan Kanthak from comment #10)
> > > <snip>
> > > > Guess why Microsoft fixed the "UninstallString" of their Microsoft Security
> > > > Essentials?
> > > > See <http://seclists.org/fulldisclosure/2013/May/10>!
> > > The obvious reason they fixed it in this case is that the command line also
> > > contains an argument.
> > 
> > No.
> > Copy CMD.EXE to "C:\Program Files\Mozilla Firefox", create the following
> > registry entries:
> > 
> > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dummy
> > ]
> > "DisplayName"="Dummy"
> > "UninstallString"="C:\\Program Files\\Mozilla Firefox\\CMD.EXE /K Echo
> > %CMDCMDLINE%"
> > 
> > start ARP and uninstall "Dummy". You'll see where ARP adds the quotes.
> I did and as I stated it is misquoted because it has an argument(s).

On Windows NT5.x it gets properly quoted.
 
> (In reply to Stefan Kanthak from comment #16)
> <snip>
> > > > > products that do not quote their UninstallString registry
> > > > > value including several Microsoft products so changing this for Firefox will
> > > > > have hardly any significant affect on a 3rd party app that is doing the
> > > > > "wrong thing".
> > > > 
> > > > "Ma, look, the others play foul too" is no valid argument.-(
> > > The trouble with your argument is that you are claiming they are playing
> > > foul when afaict they are playing by the rules from the small amount of
> > > documentation regarding these values and 100% from the actual
> > > functionality... you just don't like the rules.
> > 
> > Wrong.
> > The basic rule is: quote pathnames containing spaces in ALL strings which
> > are used as command line.
> There is your problem, it isn't used as a command line... it is executed via
> code.

ALL command lines are executed via code.

[HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\InstallInfo]

has some "command lines", fortunately properly quoted.
Remove the quotes there, copy CMD.EXE as C:\Program.exe and/or "C:\Program Files\Mozilla.exe", then use ARP to set Firefox as default browser or (un)hide its icons. Gotcha!

[HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\shell\properties\command]

has a command line. Remove the quotes etc, then let Windows Explorer resp. ShellExecute() call the "properties" verb.
(In reply to Stefan Kanthak from comment #20)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #17)
> > (In reply to Stefan Kanthak from comment #15)
> > > (In reply to Robert Strong [:rstrong] (do not email) from comment #11)
> > > > (In reply to Stefan Kanthak from comment #10)
> > > > <snip>
> > > > > Guess why Microsoft fixed the "UninstallString" of their Microsoft Security
> > > > > Essentials?
> > > > > See <http://seclists.org/fulldisclosure/2013/May/10>!
> > > > The obvious reason they fixed it in this case is that the command line also
> > > > contains an argument.
> > > 
> > > No.
> > > Copy CMD.EXE to "C:\Program Files\Mozilla Firefox", create the following
> > > registry entries:
> > > 
> > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dummy
> > > ]
> > > "DisplayName"="Dummy"
> > > "UninstallString"="C:\\Program Files\\Mozilla Firefox\\CMD.EXE /K Echo
> > > %CMDCMDLINE%"
> > > 
> > > start ARP and uninstall "Dummy". You'll see where ARP adds the quotes.
> > I did and as I stated it is misquoted because it has an argument(s).
> 
> On Windows NT5.x it gets properly quoted.
OK... my statement still stands and is also shown to be true when testing.

>  
> > (In reply to Stefan Kanthak from comment #16)
> > <snip>
> > > > > > products that do not quote their UninstallString registry
> > > > > > value including several Microsoft products so changing this for Firefox will
> > > > > > have hardly any significant affect on a 3rd party app that is doing the
> > > > > > "wrong thing".
> > > > > 
> > > > > "Ma, look, the others play foul too" is no valid argument.-(
> > > > The trouble with your argument is that you are claiming they are playing
> > > > foul when afaict they are playing by the rules from the small amount of
> > > > documentation regarding these values and 100% from the actual
> > > > functionality... you just don't like the rules.
> > > 
> > > Wrong.
> > > The basic rule is: quote pathnames containing spaces in ALL strings which
> > > are used as command line.
> > There is your problem, it isn't used as a command line... it is executed via
> > code.
> 
> ALL command lines are executed via code.
> 
> [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.exe\InstallInfo]
> 
> has some "command lines", fortunately properly quoted.
> Remove the quotes there, copy CMD.EXE as C:\Program.exe and/or "C:\Program
> Files\Mozilla.exe", then use ARP to set Firefox as default browser or
> (un)hide its icons. Gotcha!
Right! And in that specific usage it needs to be quoted! Already well understood!

> [HKLM\SOFTWARE\Clients\StartMenuInternet\Firefox.
> exe\shell\properties\command]
> 
> has a command line. Remove the quotes etc, then let Windows Explorer resp.
> ShellExecute() call the "properties" verb.
Ditto!
JFTR:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Maintenance Service]
"UninstallString"="\"C:\\....\""
(In reply to Robert Strong [:rstrong] (do not email) from comment #21)
> (In reply to Stefan Kanthak from comment #20)

> > > > Copy CMD.EXE to "C:\Program Files\Mozilla Firefox", create the following
> > > > registry entries:
> > > > 
> > > > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dummy
> > > > ]
> > > > "DisplayName"="Dummy"
> > > > "UninstallString"="C:\\Program Files\\Mozilla Firefox\\CMD.EXE /K Echo
> > > > %CMDCMDLINE%"
> > > > 
> > > > start ARP and uninstall "Dummy". You'll see where ARP adds the quotes.
> > > I did and as I stated it is misquoted because it has an argument(s).
> > 
> > On Windows NT5.x it gets properly quoted.
> OK... my statement still stands and is also shown to be true when testing.

On my copy of Windows 7 x64 it gets properly quoted too!
The output is (as expected and just as on XP/2003)

"C:\Program Files\Mozilla Firefox\CMD.EXE" /K Echo %CMDCMDLINE%
That's fine... as far as this bug goes there is enough information already and thanks
(In reply to Robert Strong [:rstrong] (do not email) from comment #19)
> Link to the test mentioned in comment #18
> http://mxr.mozilla.org/mozilla-central/source/toolkit/xre/test/win/
> TestXREMakeCommandLineWin.cpp

Why do you use the MSVCRT there?
I recommend to get rid of the C++ runtime and only use the Win32 API, i.e.  WriteConsole() for the text output, wvsprintf() for string conversions, ...
This will save you from having to use _setmode().
(In reply to Stefan Kanthak from comment #25)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #19)
> > Link to the test mentioned in comment #18
> > http://mxr.mozilla.org/mozilla-central/source/toolkit/xre/test/win/
> > TestXREMakeCommandLineWin.cpp
> 
> Why do you use the MSVCRT there?
> I recommend to get rid of the C++ runtime and only use the Win32 API, i.e. 
> WriteConsole() for the text output, wvsprintf() for string conversions, ...
> This will save you from having to use _setmode().
As far as that test goes, it is only a test and more than suffices for what it is testing.

As far as this bug goes there is enough information already and thanks
(In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> I have yet to see documentation where this path requires quoting and would
> argue that any app that bypasses the builtin OS functionality and doesn't do
> the same thing as the builtin OS functionality is broken and it needs to be
> fixed.

There are several MS Knowledge Base articles like <http://support.microsoft.com/kb/2249920> that explicitly tell "copy and paste the value of UninstallString into Start->Run".

<http://technet.microsoft.com/library/gg699426.aspx>, <http://technet.microsoft.com/library/cc817520.aspx> and <http://technet.microsoft.com/library/dd346768.aspx> define the value of UninstallString as "command line".

<http://msdn.microsoft.com/library/cc144162.aspx> shows properly quoted values for UninstallString.

And <http://msdn.microsoft.com/ibrary/ms997548.aspx> explicitly states "The path you supply to Uninstall-String must be the complete command line used to carry out your uninstall program".
(In reply to Stefan Kanthak from comment #27)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> > I have yet to see documentation where this path requires quoting and would
> > argue that any app that bypasses the builtin OS functionality and doesn't do
> > the same thing as the builtin OS functionality is broken and it needs to be
> > fixed.
> 
> There are several MS Knowledge Base articles like
> <http://support.microsoft.com/kb/2249920> that explicitly tell "copy and
> paste the value of UninstallString into Start->Run".
> 
> <http://technet.microsoft.com/library/gg699426.aspx>,
> <http://technet.microsoft.com/library/cc817520.aspx> and
> <http://technet.microsoft.com/library/dd346768.aspx> define the value of
> UninstallString as "command line".
> 
> <http://msdn.microsoft.com/library/cc144162.aspx> shows properly quoted
> values for UninstallString.
> 
> And <http://msdn.microsoft.com/ibrary/ms997548.aspx> explicitly states "The
> path you supply to Uninstall-String must be the complete command line used
> to carry out your uninstall program".
On Win7 pasting in both Start -> Run and "Search programs and files" with the uninstallstring and notepad.exe renamed to program.exe in the root of C: launched the uninstaller.

One last time... as far as this bug goes there is enough information already and thanks
(In reply to Robert Strong [:rstrong] (do not email) from comment #28)
> (In reply to Stefan Kanthak from comment #27)
> > (In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> > > I have yet to see documentation where this path requires quoting and would
> > > argue that any app that bypasses the builtin OS functionality and doesn't do
> > > the same thing as the builtin OS functionality is broken and it needs to be
> > > fixed.

[ MSFT docs for "UninstallString is a command line" ]

> On Win7 pasting in both Start -> Run and "Search programs and files" with
> the uninstallstring and notepad.exe renamed to program.exe in the root of C:
> launched the uninstaller.

Your Windows 7 installation is defective!
On my fresh installation of Windows 7 x64, as well as fresh installations of Windows XP and Server 2003, with CMD.EXE copied as C:\Program.exe and/or "C:\Program Files\Mozilla.exe", running the uninstallstring via Start->Run executes the command processor!
(In reply to Stefan Kanthak from comment #29)
> (In reply to Robert Strong [:rstrong] (do not email) from comment #28)
> > (In reply to Stefan Kanthak from comment #27)
> > > (In reply to Robert Strong [:rstrong] (do not email) from comment #9)
> > > > I have yet to see documentation where this path requires quoting and would
> > > > argue that any app that bypasses the builtin OS functionality and doesn't do
> > > > the same thing as the builtin OS functionality is broken and it needs to be
> > > > fixed.
> 
> [ MSFT docs for "UninstallString is a command line" ]
> 
> > On Win7 pasting in both Start -> Run and "Search programs and files" with
> > the uninstallstring and notepad.exe renamed to program.exe in the root of C:
> > launched the uninstaller.
> 
> Your Windows 7 installation is defective!
> On my fresh installation of Windows 7 x64, as well as fresh installations of
> Windows XP and Server 2003, with CMD.EXE copied as C:\Program.exe and/or
> "C:\Program Files\Mozilla.exe", running the uninstallstring via Start->Run
> executes the command processor!
Or "Your Windows 7 installation is defective!"

Also, with cmd.exe renamed to program.exe and placed in C: it ran the uninstaller for me!

Anyways, that is it for commenting on this bug for me... as far as this bug goes there is enough information already and thanks... please take further discussions that you would like to have to the forums.
Attached patch: patch
Assignee: nobody → robert.bugzilla
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #747062 - Flags: review?(netzen)
Comment on attachment 747062
patch

Review of attachment 747062:
-----------------------------------------------------------------

Verified that this will get set for installs, install-upgrades, and PostUpdate. Looks good.
Attachment #747062 - Flags: review?(netzen) → review+
Pushed to mozilla-inbound... it will be resolved fixed after mozilla-inbound is merged to mozilla-central and it will be in the Firefox 23 release
https://hg.mozilla.org/integration/mozilla-inbound/rev/0182997de0f4

If you'd like this fixed for Seamonkey or Thunderbird you should file bugs for those applications.
Target Milestone: --- → Firefox 23
https://hg.mozilla.org/mozilla-central/rev/0182997de0f4
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
(In reply to Robert Strong [:rstrong] (do not email) from comment #12)
> (In reply to Stefan Kanthak from comment #10)
> and please drop the all uppercase ****. We all have what's best for Firefox
> based on the facts at heart

That might well be true, but you apparently don't know what's best for the security/safety of your users'/customers' systems.
Better be safe than sorry!

> and so far the argument you are making is that
> all apps should quote the uninstallstring without any documentation that
> says they should and the actual functionality of the OS showing that it
> isn't required when there are no command line arguments.

I've added links to the documentation.
UninstallString is a command line, and command lines MUST be properly quoted... what is now done. OK!
(In reply to Robert Strong [:rstrong] (do not email) from comment #4)
> With Win7 64 bit and installations of both 32 and 64 bit Firefox and
> following the instructions in comment #3 I was unable to reproduce. I recall
> checking this several years ago and was unable to reproduce back then as
> well. I suspect that when uninstalling from Add / Remove Programs or
> Programs and Features Windows itself mitigates this.

Just for reference: That was probably Bug 603066 (just remembered about this bug when I saw this bug here).
See Also: → 871084