Closed Bug 1293286 Opened 9 years ago Closed 9 years ago

[Out Of Date Notification] Windows XP & Vista download for 44.* from OutOfDate download button "upgrades" to 43.0.1

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: aflorinescu, Unassigned)

References

Details

Attachments

(1 file)

44.0.2 to 43.0.1.JPG
166.06 KB, image/jpeg
Details
Attached image 44.0.2 to 43.0.1.JPG
[Description]: Install "de" (or any localized version - also tested with fr and en-us) version of 44.* and then trigger download from OutOfDate notification --> the version FF will download and upgrade to is 43.0.1. (see attachment) [Affected OS]: Windows - XP x64. [Steps]: 1. Install the de localized 44.* version. 2. Outofdate notifications system add-on required configurations: 2.1 about:config set extensions.systemAddon.update.url to value "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/release-sysaddon/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml" 2.2 about:config set extensions.logging.enabled to value "True" 2.3 about:config Add string app.update.url.override with value "www.softvision.ro" 3. Set update preferences -> about:preferences#advanced and set Firefox updates to "Automatically install updates (recommended: improved security)" 4. Open Tools/Web console and click on the gear icon to get to settings, then enable the following two options: "Enable browser chrome and add-on debugging toolboxes" and "Enable remote debugging". 5. Force system addons check : Open Tool/WebDeveloper/Browser Console and run the snippet: " Components.utils.import("resource://gre/modules/AddonManager.jsm"); AddonManagerPrivate.backgroundUpdateCheck(); " 6. Restart FF. 7. Click on the Download button from the OutOfDate notification. 8. Once the download page opens, press Download. [Actual Result]: The 43.0.1 version is downloaded and updated to. [Expected Result]: Latest version(48) should be downloaded and updated to. [Note] Seems this behaviour is not reproducible on any other OS'es.
I spoke with bhearsum on IRC and he said that if he recalls correctly, this is intentional for Windows XP due to the switch from sha1 to sha2. These users are supposed to be updated to the latest version after they install 43.0.1. Rail, are you able to confirm? Thank you!
Flags: needinfo?(rail)
Yes, we have to serve 43.0.1 installers to XP users because of the sha1/sha2 issue. There is bug 1284484 to bump the version to something fresher.
Flags: needinfo?(rail)
I'm positive our orphaned users are going to be extremely confused when they will be notified that are out of date and they are lead to download and install an older version that they already have. But the real risk I'm seeing here is that we're going to push a big percentage of the orphaned 44 XP users to being orphaned 43 users. We should keep in mind that we are addressing users from 44.* that have automatic updates turned on and still unable to update for various reasons. There is a big chance that these users that will "update" to 43.0.1 by using OutOfDate system add-on will be stuck on 43.0.1 as well as they were stuck on 44.*. And based on telemetry Stephen added ( https://bugzilla.mozilla.org/show_bug.cgi?id=1292562#c2) that is a big chunk of our target user base.
Sounds like this is blocked by bug 1284484.
Depends on: 1284484
Benjamin, what is your opinion here? Should we block the release of the system addon on this? 10% of our orphaned users on Firefox 44 are on XP and could be downgraded to 43.0.1 before (hopefully) being updated to the latest version. Orphaned users on Firefox account for about 25% of total orphaned users, so this could affect about 2.5% of our total orphaned user population.
Flags: needinfo?(benjamin)
(In reply to Stephen A Pohl [:spohl] from comment #5) > Orphaned users on Firefox account for about 25% of total orphaned users, This should have been "Orphaned users on Firefox 44".
Hrm, I thought we only shipped the 43.0.1 installer to people coming from IE. I agree that the downgrade installer sucks. What URL are we sending these people to? Could we explicitly send everyone from this URL to a new installer and not an old one?
Flags: needinfo?(benjamin) → needinfo?(spohl.mozilla.bugs)
The current URL is simply: https://www.mozilla.org/firefox I was surprised that we would direct Firefox users to 43.0.1, but this is how things appear to be implemented at https://www.mozilla.org/firefox at the moment. I've been unable to find a direct link to a webpage with the latest version. Who should I reach out to to either: 1. fix https://www.mozilla.org/firefox for Firefox users, or 2. to get a direct URL to the latest version from? Or are you suggesting that clicking the button would automatically download an installer?
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(benjamin)
(In reply to Stephen A Pohl [:spohl] from comment #8) > The current URL is simply: https://www.mozilla.org/firefox Oh. I thought that for metrics purposes we were using a variant URL such as https://www.mozilla.org/firefox?campaign=fxoutofdate or something. Did you ask the website people what URL to use here? And if we were using another URL, it might be possible to customize the version selection behavior. > I was surprised that we would direct Firefox users to 43.0.1, but this is > how things appear to be implemented at https://www.mozilla.org/firefox at > the moment. You should talk to mhowell about this. It's a result of the SHA1->SHA2 transition, and I know there are good reasons to do this sometimes, but only for users who don't have XPSP3 and perhaps are coming from IE.
Flags: needinfo?(benjamin)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #9) > (In reply to Stephen A Pohl [:spohl] from comment #8) > > The current URL is simply: https://www.mozilla.org/firefox > > Oh. I thought that for metrics purposes we were using a variant URL such as > https://www.mozilla.org/firefox?campaign=fxoutofdate or something. Did you > ask the website people what URL to use here? And if we were using another > URL, it might be possible to customize the version selection behavior. Robert suggested that we use the value of the app.update.url.manual pref so that this same addon could be used for other channels, if we decide to release it for beta for example. For release, it defaults to https://www.mozilla.org/firefox/. I'm not familiar with metrics based off of URL variants and this is the first I've heard of it. Who are the website people that you had in mind here? > > I was surprised that we would direct Firefox users to 43.0.1, but this is > > how things appear to be implemented at https://www.mozilla.org/firefox at > > the moment. > > You should talk to mhowell about this. It's a result of the SHA1->SHA2 > transition, and I know there are good reasons to do this sometimes, but only > for users who don't have XPSP3 and perhaps are coming from IE. Matt, could we direct users who already have Firefox 44 to the most recent version of Firefox? Or are there reasons why they still need the Firefox 43.0.1 installer?
Flags: needinfo?(mhowell)
Flags: needinfo?(benjamin)
(In reply to Stephen A Pohl [:spohl] from comment #10) > Matt, could we direct users who already have Firefox 44 to the most recent > version of Firefox? Or are there reasons why they still need the Firefox > 43.0.1 installer? XP SP2 can update to 44+ but cannot run the SHA-2 versions of those installers. We are making SHA-1 installers for the latest versions though, and those work fine on SP2 (the installed binaries don't pass certificate validation, but XP doesn't care). So unless there are some issues I'm not aware of with setting this up, we should be able to solve this by serving the latest SHA-1 installer to XP users. If necessary, the add-on should be able to detect the service pack version so we can select between the SHA-1 and SHA-2 installers, but I think we're fine just giving all XP machines the SHA-1 version.
Flags: needinfo?(mhowell)
(In reply to Matt Howell [:mhowell] from comment #11) > (In reply to Stephen A Pohl [:spohl] from comment #10) > > Matt, could we direct users who already have Firefox 44 to the most recent > > version of Firefox? Or are there reasons why they still need the Firefox > > 43.0.1 installer? > > XP SP2 can update to 44+ but cannot run the SHA-2 versions of those > installers. We are making SHA-1 installers for the latest versions though, > and those work fine on SP2 (the installed binaries don't pass certificate > validation, but XP doesn't care). So unless there are some issues I'm not > aware of with setting this up, we should be able to solve this by serving > the latest SHA-1 installer to XP users. > > If necessary, the add-on should be able to detect the service pack version > so we can select between the SHA-1 and SHA-2 installers, but I think we're > fine just giving all XP machines the SHA-1 version. Matt, are you referring to bug 1284484 (see comment 2)? How soon do you expect these new installers to be available? At this point I'm wondering if we should not ship this addon to Windows XP via Balrog configuration and activate it once we have new installers for XP.
Flags: needinfo?(mhowell)
Let's deploy what we have right now excluding Windows XP. We can push it to XP later when we have the new installer, or modify it to direct those users to a different install path.
Flags: needinfo?(benjamin)
For website metrics, please start with cmore.
(In reply to Stephen A Pohl [:spohl] from comment #12) > Matt, are you referring to bug 1284484 (see comment 2)? How soon do you > expect these new installers to be available? I hadn't seen bug 1284484 before; that does look to be what it's about. The installer I'm talking about has already been produced for 48.0; see http://archive.mozilla.org/pub/firefox/releases/48.0/win32-sha1/en-US/.
Flags: needinfo?(mhowell)
(In reply to Benjamin Smedberg [:bsmedberg] from comment #13) > Let's deploy what we have right now excluding Windows XP. We can push it to > XP later when we have the new installer, or modify it to direct those users > to a different install path. This is done.... but some added information/context. Basic additional facts as of now * Per chat with spohl, we also excluded windows vista [1][2] * Technically Disabled on a few more OS's than just XP and Vista, but all same class [1] * We're going to be soon updating the sha1 installer that is causing the website to point at 43.0 so that it points at something much newer, like 48.0 (or 48.0.1) [3] Now the details [1] - This is due to using the "Windows_NT" version string, and is based off the information in: https://en.wikipedia.org/wiki/Windows_NT#Releases Specifically we blocked regex("^Windows_NT 5.*") and regex("^Windows_NT 6.0.*") [2] - Windows Vista is excluded because of the same reasons, specifically we don't have information available to us on the website side to deterministically know that a newer version is installable (without said version having a SHA1 signing certificate), Vista added the newer support in a newer service pack but the Website has no way to get that information from us. [3] - Rail is doing work, that is currently blocked on some "bouncer" (download.mozilla.org) code changes to enable. This work is mostly tracked in Bug 1284484.
(In reply to Matt Howell [:mhowell] from comment #15) > (In reply to Stephen A Pohl [:spohl] from comment #12) > > Matt, are you referring to bug 1284484 (see comment 2)? How soon do you > > expect these new installers to be available? > > I hadn't seen bug 1284484 before; that does look to be what it's about. The > installer I'm talking about has already been produced for 48.0; see > http://archive.mozilla.org/pub/firefox/releases/48.0/win32-sha1/en-US/. And yes, that bug and that archive.m.o url are the same thing. We are blocked on deploying that as per what I mentioned in the prior comment.
Summary: [Out Of Date Notification] Windows XP download for 44.* from OutOfDate download button "upgrades" to 43.0.1 → [Out Of Date Notification] Windows XP & Vista download for 44.* from OutOfDate download button "upgrades" to 43.0.1
Closing this as fixed since we're no longer shipping the addon to Windows XP or Vista. Already spoke with Adrian who will be verifying this.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(adrian.florinescu)
Resolution: --- → FIXED
Depends on: 1290737
Verified that we are not delivering the OutOfDate add-on to our xp users.
Status: RESOLVED → VERIFIED
Flags: needinfo?(adrian.florinescu)
Blocks: 1294104
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: