Opened 4 years ago

Closed 4 years ago

#16837 closed defect (fixed)

Disable Firefox Hotfix updates

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-5.0-regression, tbb-pref, TorBrowserTeam201509
Cc: mcs, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I'm not sure exactly when this was added, but we should fix it soon, so I'm tagging it as a regression.

The pref extensions.hotfix.id specifies the ID of a magic hotfix addon for emergency Firefox releases that can be fixed with simple pref or addon-based XPCOM changes. That is a nice property, except that the addon may make assumptions about Firefox 38-ESR and its prefs that don't apply to TBB. It's probably not safe for us to have Mozilla's hotfixes go to our users for this reason.

Simply emptying the pref should disable the addon update pings.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by mcs

Cc: mcs added

It looks like this has been around for a long time:

https://wiki.mozilla.org/Features/Desktop/Add-on_hotfix
https://bugzilla.mozilla.org/show_bug.cgi?id=694068

I knew about it but did not put 2 and 2 together that this is a feature we should remove for Tor Browser. I agree that we should disable it.

comment:2 Changed 4 years ago by gk

Cc: gk added

comment:3 Changed 4 years ago by cypherpunks

Was any version installed for some Torbrowser before?

Version 20150311.01 Released March 13, 2015 7.2 kB Works with Firefox 10.0 - 38.* -- all TBBs
Version 20150225.01 Released February 27, 2015 7.2 kB Works with Firefox 10.0 - 38.* -- all TBBs
Version 20150106.01 Released January 22, 2015 6.4 kB Works with Firefox 10.0 - 37.* -- all before TBB5.0
Version 20140527.01.11 Released December 3, 2014 227.9 kB Works with Firefox 10.0 - 36.* -- all before TBB5.0
Version 20140527.01.3 Released July 16, 2014 226.5 kB Works with Firefox 10.0 - 34.* -- all before TBB5.0
Version 20140319.01 Released March 20, 2014 16.2 kB Works with Firefox 27.0 - 31.* -- all before TBB5.0
Version 20130826.01 Released September 26, 2013 15.4 kB Works with Firefox 10.0 - 24.* -- all before TBB4.0
Version 20130322.01 Released May 21, 2013 22.5 kB Works with Firefox 10.0 - 16.* -- all before TBB3.0
Version 20121019.01 Released October 22, 2012 25.9 kB Works with Firefox 10.0 - 16.* -- all before TBB3.0
Version 20120817.01 Released October 3, 2012 25.5 kB Works with Firefox 16.0a1 - 16.* -- all before TBB3.0
Version 20120430.01 Released May 1, 2012 25.6 kB Works with Firefox 10.0 - 12.* -- all before TBB3.0
Version 20120419.01 Released April 25, 2012 25.6 kB Works with Firefox 10.0 - 12.* -- all before TBB3.0

comment:4 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201509 added; TorBrowserTeam201508 removed

Move remaining August tickets to September.

comment:5 Changed 4 years ago by mikeperry

Resolution: fixed
Status: newclosed

Ok, I disabled the hotfix updates. We'll need to keep an eye out for hotfixes now, as we'll need to ship a full update in that case.

We could potentially specify extensions.hotfix.url and point it at our servers and then distribute hotfixes that we're sure are OK, but that will require pinning, etc.. I filed #17091 for that.

As for the previous hotfixes, they did likely go out to TBB users without issue. However, that doesn't make me feel certain that some pref conflict or other assumption might not break TBB for every current TBB user. That risk is too high to leave this enabled right now.

Note: See TracTickets for help on using tickets.