Opened 10 months ago

Closed 7 months ago

#21431 closed task (fixed)

Clean-up system extensions shipped in Firefox 52

Reported by: gk Owned by: mcs
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, TorBrowserTeam201705R, tbb-7.0-must
Cc: mcs, brade, arthuredelstein, fdsfgs@…, blockflare, Dbryrtfbcbhgf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In addition to pdfjs, there are 6 system add-ons shipped in Firefox 52, looking at the current beta branch (on release there are 5 right now). We should investigate whether we need all of them and, if not, make sure that they don't interfere with Tor Browser.

Of particular interest are aushelper and e10srollout I guess.

Child Tickets

Change History (22)

comment:1 Changed 10 months ago by gk

mcs, brade could you work on that ticket? The extensions highlighted in the description might even need updater related changes.

comment:2 in reply to: 1 Changed 10 months ago by brade

Replying to gk:

mcs, brade could you work on that ticket? The extensions highlighted in the description might even need updater related changes.

Yes, we will take a look.

comment:3 Changed 10 months ago by mcs

Kathy and I looked at the various system extensions that are present on Mozilla's current beta branch (52). Here is what we learned about each of them:

aushelper
Modifies app.update.url default pref value to include info for bug 1296630
The add-on only has an effect on Windows.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1311515

A similar issue for WebSense was handled via the "HotFix" add-on.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1298404
and https://hg.mozilla.org/releases/firefox-hotfixes/file/tip/v20160826.01/bootstrap.js
This revision of the HotFix add-on only has an effect on Windows.

There is a bug open for moving the WebSense update URL modification code into the aushelper add-on:
https://bugzilla.mozilla.org/show_bug.cgi?id=1329692

disableSHA1rollout
Disable SHA-1 based certificates for 10% of beta channel users.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1328718

e10srollout
Enables e10s for a subset of users based on policies that account for which update channel the user is on, which add-ons are installed, etc.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1249845

See also toolkit/mozapps/extensions/internal/E10SAddonsRollout.jsm

flyweb
Only included in Aurora and Nightly builds.
Internet of Things related. See https://flyweb.github.io/

formautofill
Only included in Aurora and Nightly builds.
Form Autofill. See https://bugzilla.mozilla.org/show_bug.cgi?id=990176

pdfjs
JavaScript-based PDF viewer.

pocket
Pocket client.

webcompat
Empty / stub extension to allow webcompat fixes to be deployed via the add-on update mechanism.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1268197

comment:4 Changed 10 months ago by mcs

Based on our research, Kathy and I think the only system extension we should consider shipping with Tor Browser is pdfjs (we did not review recent changes to pdfjs).

For e10s, we will probably enable it for everyone or no one. For disabling of SHA-1 signatures, we already have the fix for #18042. The remaining system add-ons don't seem necessary.

comment:5 in reply to: 4 Changed 10 months ago by cypherpunks

Replying to mcs:

For disabling of SHA-1 signatures, we already have the fix for #18042.

This add-on is about treating such connections as untrusted; your ticket doesn't disable SHA-1.

aushelper

This add-on is about CPU bugs. It can bite you in surprising cases (e.g. jemalloc)...

e10srollout

rollout means e10s is not ready...

pdfjs

What is the current update process for it?
What about FPI part of #7501 at Mozilla side?
It's not visible in about:support.

webcompat

What is the policy about it for ESR?


comment:6 Changed 10 months ago by cypherpunks

Some interesting reading about add-ons updating: https://bugzilla.mozilla.org/show_bug.cgi?id=1308251

comment:7 Changed 10 months ago by mcs

While reviewing fixed toolkit bugs for #19048, I learned that there is some information about system extensions here:
https://gecko.readthedocs.io/en/latest/toolkit/mozapps/extensions/addon-manager/SystemAddons.html

comment:8 Changed 10 months ago by cypherpunks

disableSHA1rollout add-on removed from the tree
https://bugzilla.mozilla.org/show_bug.cgi?id=1341734

Off-topic (the reason for removal):

In reaction to Google’s announcement of the first practical SHA-1 collision, Mozilla has remotely disabled the SHA-1 support for all Firefox users on February 24, 2017

https://www.fxsitecompat.com/en-CA/docs/2016/sha-1-certificates-issued-by-public-ca-will-no-longer-be-accepted/
So, Mozilla doesn't treat Firefox ESR owners as Firefox users! And they stay unpatched.
Your fix for #18042 has

// 2 = allow SHA-1 only before 2016-01-01
pref("security.pki.sha1_enforcement_level", 2);

(OnlyBefore2016 = 2 in CertVerifier.h), which has been transformed for esr52 into

    // There used to be a policy that only allowed SHA1 for certificates issued
    // before 2016. This is no longer available. If a user has selected this
    // policy in about:config, it now maps to Forbidden.
    UsedToBeBefore2016ButNowIsForbidden = 2,

so it can be the proper fix for esr52, but not for esr45.

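The point of comment:8 is that the same numeric value of security.pki.sha1_enforcement_level means different things on esr45 and esr52, so any audit of a shipped prefs file has to be version-aware. The following is an added example (not code from this ticket or from Tor Browser) that parses Gecko-style pref("…", …); lines and reports the effective SHA-1 policy for the two ESR lines discussed above. The values 0 = Allowed and 1 = Forbidden are the SHA1Mode constants from CertVerifier.h; the meaning of 2 on each ESR is taken from the excerpts quoted in the comment, and the sample user.js is constructed.

```python
import re

# Matches Gecko pref lines such as:  pref("security.pki.sha1_enforcement_level", 2);
# Handles pref()/user_pref() with integer, boolean and double-quoted string values.
_PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|(true|false)|(-?\d+))\s*\)\s*;'
)

SHA1_PREF = "security.pki.sha1_enforcement_level"


def parse_prefs(text):
    """Parse a prefs.js/user.js style file into {name: typed value}.
    Comment lines and anything that is not a pref() call are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, s, b, n = m.groups()
        if s is not None:
            prefs[name] = s
        elif b is not None:
            prefs[name] = (b == "true")
        else:
            prefs[name] = int(n)
    return prefs


def sha1_policy(prefs, esr):
    """Interpret security.pki.sha1_enforcement_level for esr45 or esr52.
    Value 2 is the one whose meaning changed: OnlyBefore2016 on esr45 and
    UsedToBeBefore2016ButNowIsForbidden on esr52 (per the CertVerifier.h
    excerpts quoted in comment:8). Returns (level, human-readable meaning)."""
    if esr not in (45, 52):
        raise ValueError("only esr45 and esr52 are covered here")
    level = prefs.get(SHA1_PREF)
    if level is None:
        return (None, "not set in this file; browser default applies")
    if level == 0:
        return (0, "Allowed: SHA-1 certificates accepted")
    if level == 1:
        return (1, "Forbidden: SHA-1 certificates rejected")
    if level == 2:
        if esr == 45:
            return (2, "OnlyBefore2016: SHA-1 allowed only for certs issued before 2016-01-01")
        return (2, "UsedToBeBefore2016ButNowIsForbidden: treated as Forbidden")
    return (level, "other SHA1Mode value; check CertVerifier.h for this release")


# Constructed sample user.js, built around the #18042 pref quoted above.
SAMPLE_USER_JS = '''// constructed sample
// 2 = allow SHA-1 only before 2016-01-01
pref("security.pki.sha1_enforcement_level", 2);
pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "about:tor");
'''

if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_USER_JS)
    for esr in (45, 52):
        level, meaning = sha1_policy(prefs, esr)
        print(f"esr{esr}: {SHA1_PREF}={level} -> {meaning}")
```

Running it shows the same pref line yielding "OnlyBefore2016" on esr45 and "treated as Forbidden" on esr52, which is exactly why the #18042 setting is adequate for esr52 but not for esr45.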

comment:9 in reply to: 4 Changed 10 months ago by gk

Replying to mcs:

Based on our research, Kathy and I think the only system extension we should consider shipping with Tor Browser is pdfjs (we did not review recent changes to pdfjs).

For e10s, we will probably enable it for everyone or no one. For disabling of SHA-1 signatures, we already have the fix for #18042. The remaining system add-ons don't seem necessary.

I think I agree with all of that (I have some thoughts about the e10s situation which I'll put into #21432 shortly).

comment:10 Changed 10 months ago by arthuredelstein

Cc: arthuredelstein added

comment:11 Changed 10 months ago by cypherpunks

webcompat
Empty / stub extension to allow webcompat fixes to be deployed via the add-on update mechanism.

Of course, it's easier to disable this system add-on update mechanism entirely, but that is inconsistent with the update policy for other add-ons.

comment:12 Changed 10 months ago by tokotoko

Cc: fdsfgs@… added

comment:13 Changed 8 months ago by gk

Cc: blockflare added

#21878 is a duplicate.

comment:14 Changed 8 months ago by mcs

Keywords: tbb-7.0-must-alpha added

I think we need to address this for our alpha release.

comment:15 Changed 8 months ago by gk

Keywords: TorBrowserTeam201704 added; TorBrowserTeam201702 removed

comment:16 Changed 8 months ago by gk

Cc: Dbryrtfbcbhgf added

#22045 is a duplicate.

comment:17 Changed 8 months ago by gk

Keywords: TorBrowserTeam201705 added; TorBrowserTeam201704 removed

Moving our tickets to May 2017.

comment:18 Changed 7 months ago by gk

Keywords: tbb-7.0-must added; tbb-7.0-must-alpha removed

We are beyond the alpha testing. Moving tickets for tbb-7.0-must.

comment:19 Changed 7 months ago by gk

Priority: Medium → High

Raising prio.

comment:20 Changed 7 months ago by mcs

Owner: changed from tbb-team to mcs
Status: new → assigned

Taking ownership of this ticket.

comment:21 Changed 7 months ago by mcs

Keywords: TorBrowserTeam201705R added; TorBrowserTeam201705 removed
Status: assigned → needs_review

Here is a patch to keep pdfjs and avoid including any of the system extensions other than e10srollout:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug21431-01&id=2b4a2230fcfdf94eb09a9ffa3dc3e13530af4c82
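After a patch like the one above lands, a build check is the easiest way to confirm that only the intended system extensions made it into the package. The following is an added example (not the patch itself or any Tor Browser code) that inventories the *.xpi files in a browser/features directory, reads the add-on ID from each one, and flags everything not on the pdfjs/e10srollout allowlist described in this comment. The IDs pdfjs@mozilla.org and e10srollout@mozilla.org are the real IDs of those two system add-ons; the sample features directory and its XPIs are constructed here so the script runs offline, and the install.rdf contents are minimal stand-ins, not Mozilla's real packages.

```python
import json
import os
import re
import tempfile
import zipfile

# What the patch in comment:21 is meant to leave behind.
ALLOWED_SYSTEM_ADDONS = {"pdfjs@mozilla.org", "e10srollout@mozilla.org"}

_RDF_ID_RE = re.compile(r"<em:id>\s*([^<\s]+)\s*</em:id>")


def addon_id_from_xpi(path):
    """Return the add-on ID declared inside an XPI: install.rdf for
    bootstrapped add-ons (the Firefox 52 system add-ons), manifest.json
    for WebExtensions. Returns None if neither carries an ID."""
    with zipfile.ZipFile(path) as z:
        names = set(z.namelist())
        if "install.rdf" in names:
            m = _RDF_ID_RE.search(z.read("install.rdf").decode("utf-8", "replace"))
            return m.group(1) if m else None
        if "manifest.json" in names:
            manifest = json.loads(z.read("manifest.json").decode("utf-8"))
            return manifest.get("applications", {}).get("gecko", {}).get("id")
    return None


def audit_features_dir(features_dir, allowed=ALLOWED_SYSTEM_ADDONS):
    """Inventory every *.xpi in a browser/features directory (or a profile's
    features/<dir>/ where updated system add-ons are staged).
    Returns (found, unexpected): found maps filename -> ID, unexpected lists
    the filenames whose ID is missing or not on the allowlist."""
    found = {}
    for name in sorted(os.listdir(features_dir)):
        if name.endswith(".xpi"):
            found[name] = addon_id_from_xpi(os.path.join(features_dir, name))
    unexpected = sorted(name for name, aid in found.items() if aid not in allowed)
    return found, unexpected


def _install_rdf(addon_id):
    # Minimal install.rdf for a bootstrapped add-on (constructed sample).
    return f'''<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{addon_id}</em:id>
    <em:bootstrap>true</em:bootstrap>
  </Description>
</RDF>
'''


def make_sample_features_dir(addon_ids):
    """Create a temporary features directory with one constructed XPI per ID
    and return its path. These are stand-ins, not real Mozilla packages."""
    d = tempfile.mkdtemp(prefix="features-")
    for aid in addon_ids:
        with zipfile.ZipFile(os.path.join(d, f"{aid}.xpi"), "w") as z:
            z.writestr("install.rdf", _install_rdf(aid))
            z.writestr("bootstrap.js", "// stub\n")
    return d


if __name__ == "__main__":
    # A features directory as Firefox 52 beta would ship it, before the patch.
    sample = make_sample_features_dir([
        "pdfjs@mozilla.org", "e10srollout@mozilla.org", "aushelper@mozilla.org",
        "webcompat@mozilla.org", "firefox@getpocket.com",
    ])
    found, unexpected = audit_features_dir(sample)
    for name, aid in found.items():
        print(f"{name}: {aid}")
    print("unexpected:", unexpected)
```

Point audit_features_dir at the real browser/features directory of a built bundle to use it as a post-build check; a non-empty unexpected list means a system extension slipped through.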

comment:22 Changed 7 months ago by gk

Resolution: fixed
Status: needs_review → closed

Looks good to me. Applied to tor-browser-52.1.0esr-7.0-2 (commit 6b8a66553b3aa4a518dc4448baf11099a8df22cd) and tor-browser-52.1.1esr-7.0-1 (commit 475734012b70c7515a2a105ea6584136cee57bf6).
