Firefox Update Requires Admin Privs, But Does Not Check and Just Displays Misleading Message
Firefox attempts to perform an update from an Non-Admin account, the Update File is downloaded, the update is begun but the following misleading message is displayed... "unable to install firefox update make sure no firefox applications are open and then try again" ...and the message is displayed each time Firefox is activated.
Explanation In order to perform the update, the protected file; C:\Program Files\Mozilla Firefox\firefox.exe must be opened with exclusive access. This fails because Non-Admin account may not modify files in the C:\Program Files\ folder. (Did Not Fail because it is open by another process) Performing the Update from the Admin Account executes properly. After Activating in Non-Admin Account, misleading message still displays, Firefox opens and includes "Updated" page showing 14.0.1 have been installed. Deleting the files from: C:\Documents and Settings\user_name\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0 eliminates problem.
These issues need to be addressed by Firefox Development:
- Before attempting Update, check for Admin Privs. If not, then just notify Update is available.
- Modify Error Message to reflect true meaning for failure (system can be modified that updates are only possible by specific Admin account rather than Admin Group).
- When applying Update, delete other Update Pending files in other user's Directory Trees.
Will a Firefox Developer Please Respond?
เปลี่ยนแปลงโดย CouldBeWorse เมื่อ
การตอบกลับทั้งหมด (5)
I have not used XP recently but your post sounds like a plausible explanation of the situation.
You are however unlikely to get developer attention on this forum. There is a list of forums http://www.mozilla.org/about/forums/ but I am not sure which would be the best to try.
If change is needed I expect a bug will need to be filed, but that is more likely to proceed if it is discussed first. If you do start discussions and get answers maybe you would like to post back here so others may follow the progress.
I suppose there is a possibility we could at least document the situation a bit better in the Knowledge Base.
Thanks for the link. I have submitted a Bug Report on Bugzilla. Will post back when there is a response there. And this is more than "plausible", it is "confirmed" (if you watch MythBusters). There are update log files that clearing show what is happening and why.
The most disturbing thing about this "bug", is that it clearly shows that nearly everyone is performing there "normal" activities (browsing, email, etc.) from an account with Admin privs. This means that when (not "if") the latest version of an infection gets past your AV shield (they can only block the ones already reported), it has access to every sensitive part of your system. I could give a long explanation of infections with a lot boring details, but just believe this:
Never perform "Normal" net activities from an account with Administrator privs.
Good advice, but probably not often followed.
(Bug 776386 - Discussion Forum: Mozilla Update Fails )
Hi John99,
Just an update. Bug 776386 is my submission. The bad news is that the Update Failing w/o Admin was reported more than three years ago (see my submission for links to 4 other submissions). For almost seven years there has been a larger issue of how to apply updates from non-Admin accounts. At least that problem has been Confirmed and Assigned. Have contacted them to find out if it would be possible to as a first step, not attempt an Update unless you have privs. (Not holding my breath on this.)
I note that although Bug 776386 was not actioned, a loosely related bug was
- Bug 711475 - Allow updates to be applied by limited user accounts into high integrity locations (such as program files)