Clean-up system extensions shipped in Firefox 52

In addition to pdfjs there are 6 system add-ons shipped in Firefox 52 looking at the current beta branch. (on release there are 5 right now). We should investigate whether we need all of them and if not make sure that they don't interfere with Tor Browser.

Of particular interest are aushelper and e10srollout I guess.

added TorBrowserTeam201705R component::applications/tor browser ff52-esr owner::mcs priority::high resolution::fixed severity::normal status::closed tbb-7.0-must tbb-no-uplift-60 type::task labels

mcs, brade could you work on that ticket? The extensions highlighted in the description might even need updater related changes.

Replying to gk:

mcs, brade could you work on that ticket? The extensions highlighted in the description might even need updater related changes.

Yes, we will take a look.

Kathy and I looked at the various system extensions that are present on Mozilla's current beta branch (52). Here is what we learned about each of them:

aushelper Modifies app.update.url default pref value to include info for bug 1296630 The add-on only has an effect on Windows. See https://bugzilla.mozilla.org/show_bug.cgi?id=1311515

A similar issue for WebSense was handled via the "HotFix" add-on.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1298404 and https://hg.mozilla.org/releases/firefox-hotfixes/file/tip/v20160826.01/bootstrap.js This revision of the HotFix add-on only has an effect on Windows.

There is a bug open for moving the WebSense update URL modification code into the aushelper add-on: https://bugzilla.mozilla.org/show_bug.cgi?id=1329692

disableSHA1rollout Disable SHA-1 based certificates for 10% of beta channel users. See https://bugzilla.mozilla.org/show_bug.cgi?id=1328718

e10srollout Enables e10s for a subset of users based on policies that account for which update channel the user is on, which add-ons are installed, etc. See https://bugzilla.mozilla.org/show_bug.cgi?id=1249845

See also toolkit/mozapps/extensions/internal/E10SAddonsRollout.jsm

flyweb Only included in Aurora and Nightly builds. Internet of Things related. See https://flyweb.github.io/

formautofill Only included in Aurora and Nightly builds. Form Autofill. See https://bugzilla.mozilla.org/show_bug.cgi?id=990176

pdfjs JavaScript-based PDF viewer.

pocket Pocket client.

webcompat Empty / stub extension to allow webcompat fixes to be deployed via the add-on update mechanism. See https://bugzilla.mozilla.org/show_bug.cgi?id=1268197

Based on our research, Kathy and I think the only system extension we should consider shipping with Tor Browser is pdfjs (we did not review recent changes to pdfjs).

For e10s, we will probably enable it for everyone or no one. For disabling of SHA-1 signatures, we already have the fix for #18042 (moved). The remaining system add-ons don't seem necessary.

Replying to mcs:

For disabling of SHA-1 signatures, we already have the fix for #18042 (moved). This add-on is about treating such connections as untrusted, your ticket doesn't disable SHA-1. aushelper This add-on is about CPU bugs. It can bite you in surprising cases (e.g. jemalloc)... e10srollout rollout means e10s is not ready... pdfjs What is the current update process for it? What about FPI part of #7501 (moved) at Mozilla side? It's not visible in about:support. webcompat What is the policy about it for ESR?

Some interesting reading about add-ons updating: https://bugzilla.mozilla.org/show_bug.cgi?id=1308251

While reviewing fixed toolkit bugs for #19048 (moved), I learned that there is some information about system extensions here: https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html

disableSHA1rollout add-on removed from the tree https://bugzilla.mozilla.org/show_bug.cgi?id=1341734

Off-topic (the reason of removal):

In reaction to Google’s announcement of the first practical SHA-1 collision, Mozilla has remotely disabled the SHA-1 support for all Firefox users on February 24, 2017 https://www.fxsitecompat.com/en-CA/docs/2016/sha-1-certificates-issued-by-public-ca-will-no-longer-be-accepted/ So, Mozilla doesn't treat Firefox ESR owners as Firefox users! And they stay unpatched. Your fix for #18042 (moved) has

// 2 = allow SHA-1 only before 2016-01-01
pref("security.pki.sha1_enforcement_level", 2);

( OnlyBefore2016 = 2 in CertVerifier.h) which has been transformed for esr52 into

    // There used to be a policy that only allowed SHA1 for certificates issued
    // before 2016. This is no longer available. If a user has selected this
    // policy in about:config, it now maps to Forbidden.
    UsedToBeBefore2016ButNowIsForbidden = 2,

so it can be the proper fix for esr52, but not for esr45.

Replying to mcs:

Based on our research, Kathy and I think the only system extension we should consider shipping with Tor Browser is pdfjs (we did not review recent changes to pdfjs).

For e10s, we will probably enable it for everyone or no one. For disabling of SHA-1 signatures, we already have the fix for #18042 (moved). The remaining system add-ons don't seem necessary.

I think I agree with all of that (I have some thoughts about the e10s situation which I'll put into #21432 (moved) shortly).

Trac:
Cc: mcs, brade to mcs, brade, arthuredelstein

webcompat Empty / stub extension to allow webcompat fixes to be deployed via the add-on update mechanism. Of course, it's easier to disable this system add-ons update mechanism entirely, but it is inconsistent with other add-ons update policy.

Trac:
Username: tokotoko
Cc: mcs, brade, arthuredelstein to mcs, brade, arthuredelstein, fdsfgs@krutt.org

#21878 (moved) is a duplicate.

Trac:
Cc: mcs, brade, arthuredelstein, fdsfgs@krutt.org to mcs, brade, arthuredelstein, fdsfgs@krutt.org, blockflare

I think we need to address this for our alpha release.

Trac:
Keywords: N/A deleted, tbb-7.0-must-alpha added

Trac:
Keywords: TorBrowserTeam201702 deleted, TorBrowserTeam201704 added

#22045 (moved) is a duplicate.

Trac:
Cc: mcs, brade, arthuredelstein, fdsfgs@krutt.org, blockflare to mcs, brade, arthuredelstein, fdsfgs@krutt.org, blockflare, Dbryrtfbcbhgf

Moving our tickets to May 2017.

Trac:
Keywords: TorBrowserTeam201704 deleted, TorBrowserTeam201705 added

We are beyond the alpha testing. Moving tickets for tbb-7.0-must.

Trac:
Keywords: tbb-7.0-must-alpha deleted, tbb-7.0-must added

Raising prio.

Trac:
Priority: Medium to High

Taking ownership of this ticket.

Trac:
Owner: tbb-team to mcs
Status: new to assigned

Here is a patch to keep pdfjs and avoid including any of the system extensions other than e10srollout: https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug21431-01&id=2b4a2230fcfdf94eb09a9ffa3dc3e13530af4c82

Trac:
Keywords: TorBrowserTeam201705 deleted, TorBrowserTeam201705R added
Status: assigned to needs_review

Looks good to me. Applied to tor-browser-52.1.0esr-7.0-2 (commit 6b8a66553b3aa4a518dc4448baf11099a8df22cd) and tor-browser-52.1.1est-7.0-1 (commit 475734012b70c7515a2a105ea6584136cee57bf6).

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Trac:
Keywords: N/A deleted, tbb-no-uplift-60 added

closed

mentioned in issue #21746 (moved)

mentioned in issue #21878 (moved)

mentioned in issue #22045 (moved)

moved to tpo/applications/tor-browser#21431 (closed)