Open Bug 1893686 Opened 2 months ago Updated 2 months ago

Firefox (Mac) Requires Helper Tool and admin rights to update app

Categories

(Toolkit :: Application Update, enhancement)

UNCONFIRMED

People

(Reporter: dds, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15

Steps to reproduce:

When an update is available for Mac Firefox, the user is prompted for admin credentials to run a Helper tool. This occurs every time an update is required.

Actual results:

User is prompted for admin creds to install/run Helper Tool.

Expected results:

Firefox should not require a Helper Tool or admin rights.

Notes:

I was told by Mike Kaply @ Mozilla to submit this information via Slack.

We have a lot of FF users along with Safari and Chrome (Mac). All 3 browsers are officially supported currently.

I have struggled with trying to come up with solutions to patch/update Firefox in a way that doesn't require the user to provide admin creds for the FF Helper Tool.

Safari, Chrome, Edge and (most) other Mac browsers/apps provide the required update/patch inside the Mac app bundle to prevent users from being prompted to update every time.

This has become problematic for 2 reasons:

1. We are removing users from having local admin rights. Users will no longer be able to keep Firefox up to date.

2. We have an 'improve the customer experience' project to reduce 'unwanted friction' that causes productivity loss, etc. (like pop-ups, prompts, etc.).
This is based on research my CIO did in a user feedback poll. Firefox (Mac) has been targeted as an app we may decide to not support because of these 2 challenges.

Can you point to someone at Mozilla that can assist in how to patch Mac Firefox (and let users patch/update as needed) without the Helper Tool prompts? Or share insight as to why FF requires the user to be prompted while other browsers do not?

The Bugbug bot thinks this bug should belong to the 'Toolkit::Application Update' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Application Update
Product: Firefox → Toolkit

I was asked about this in https://phabricator.services.mozilla.com/D207994 and thought I'd copy/paste my thoughts here as well.

What's important to understand first and foremost is that the elevated updater was introduced in bug 394984 to fix one particular use case: After one admin user installed Firefox, no other user, not even an admin user, could update Firefox. The introduction of the elevated updater had the very narrow purpose of allowing another user (admin or standard) to elevate, update and also adjust the ownership and permissions on the .app bundle so that future updates would no longer require elevation for admin users. Standard users continued to have to elevate for security reasons. Since this fixing of permissions and ownership only had to occur once for admin users, it was best to clean up after ourselves and remove ourselves from the installed privileged helper tools.

There is nothing preventing us from expanding on the elevated update flow and having some form of background updater on a system. However, we would want to think carefully about the details. One detail, for example, is how to clean up after ourselves in the event of a user uninstalling Firefox. We could, for example, install this privileged helper tool the first time that an elevated update becomes necessary and tie it to the particular Firefox install. This would mean that multiple Firefox installs would result in multiple background updaters. These updaters could periodically check that their associated Firefox.app bundle is still installed and remove themselves from the system if they are no longer present.

We would also want to think about the actual functionality of the updater: Should it just be a tool that is installed that can be used during updates, if necessary (similar to today, just that it no longer needs to be installed every time)? Should it be the actual "service" that checks for updates, whether Firefox is running or not? There is a lot to figure out here and the final implementation will mostly depend on what level of time commitment we're willing to spend on it.
If we want to expand on the elevated updater that exists today, I would be interested in helping implement this or even take the lead on it.

@Daniel, thanks for reporting this. We will be looking into how we can streamline updates for non-admin users. We might have some follow-up questions about your environment.

The user prompts are needed in Firefox because typically the application is installed and owned (with respect to UNIX permissions) by an administrator user and admin group and therefore a non-admin user cannot overwrite the application for an update. Hence admin user credentials are needed during the update. Google Chrome has an option to avoid this. It offers to install a system-wide updater that lives in the root /Library, not attached to any user, and updates Chrome in the background by running periodically.
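
The ownership reasoning in the comment above can be checked on a given machine. The following is an added example, not part of the bug thread and not Mozilla's code: it decides from owner, group and mode bits whether an account could overwrite an app bundle without elevation. The function names `can_update` and `report` and the default path `/Applications/Firefox.app` are assumptions; only the bundle's top-level directory is examined and ACLs are not evaluated.

```shell
#!/bin/sh
# Added example (not Mozilla code). Names and default path are assumptions.

# can_update BUNDLE UID "GID GID ..."
# Returns 0 if the account may write to BUNDLE's top-level directory going
# by UNIX mode bits alone, 1 if an in-place update would need elevation.
can_update() {
    bundle=$1 uid=$2 gids=$3
    # ls -ldn prints: mode links owner-uid group-gid size date name
    set -- $(ls -ldn "$bundle")
    mode=$1 owner=$3 group=$4
    [ "$uid" -eq 0 ] && return 0                  # root bypasses mode bits
    if [ "$uid" -eq "$owner" ]; then
        bit=$(printf '%s' "$mode" | cut -c3)      # owner write bit
    else
        bit=$(printf '%s' "$mode" | cut -c9)      # "other" write bit
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                bit=$(printf '%s' "$mode" | cut -c6)   # group write bit
                break
            fi
        done
    fi
    [ "$bit" = "w" ]
}

# report BUNDLE: evaluate the invoking user against BUNDLE.
report() {
    if can_update "$1" "$(id -u)" "$(id -G)"; then
        echo "$1: top-level directory writable by $(id -un)"
    else
        echo "$1: not writable by $(id -un); update would need elevation"
    fi
}

# Assumed default install location; pass another bundle path as $1.
target=${1:-/Applications/Firefox.app}
if [ -d "$target" ]; then
    report "$target"
fi
```
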
