Firefox browser extension 4.7.1.90 for 1pw 7.0.3 cannot be verified
Hi all,
I'm running Firefox 60.0.1 on macOS 10.13.5, have just upgraded 1password from version 6.8.x to 7.0.3 and cannot get the firefox browser extension 4.7.1.90 to work.
The extension doesn't start because "1Password can't verify the identity of your web browser".
I've tried everything, from restarting, rebooting and reinstalling firefox, the extension and 1password in all possible combination w/o any luck.
Downgrading Firefox or switching of the macOS firewall doesn't do anything either.
There is nothing that I can think of that would suddenly prevent 1pw from communicating with its extension via localhost/127.0.0.1.
The previous extension worked flawlessly for me, as does the current Safari extension. The only problem is Firefox, which is my main browser.
Is there any debugging info that I might be able to get to in order to further diagnose the issue?
Interestingly enough I just set up another Mac with the same OS, Firefox and 1password version and on that machine everything works, so it must be something that's somewhat specific to my machine...
Thank you in advance for any pointers,
Walter
1Password Version: 7.0.3
Extension Version: 4.7.1.90
OS Version: 10.13.5
Sync Type: Not Provided
Comments
-
Just upgraded to 1pw 7.0.4 but the issue remains unchanged.
There is no way I can get the extension (whose version appears to be still 4.7.1.90) to activate.Firefox is (and always has been) happily living the /Applications folder...
It'd be great if someone could give me a hint as to how to debug this problem.
(I am a software dev myself and would be willing to do open heart surgery on 1pw and/or firefox if someone gave me a starting point...)Cheers,
Walter0 -
Another comment:
When I downgrade to 1pw 6.8.9 the firefox extension "lights up", i.e. everything works as expected (without reinstalling or touching the firefox extension at all).
Re-upgrading to 7.0.4 makes the problem reappear, i.e. 1pw claiming that the browser identity cannot be verified.To me this clearly looks like a problem on the side of 1password as Firefox and the extension appear to be working properly against 1pw 6.8.9.
0 -
Hi there @walter54
In order to properly diagnose this, we need to take a closer look at your setup. What I would like you to do is send in a diagnostic report. Instructions on how to do so can be found over at https://support.1password.com/diagnostics. Please include the link to this thread in the diagnostic email. You will be responded to by BitBot with your Support ID. Please post that ID here so we can locate your diagnostic.
0 -
Hi Corey,
thank you for the pointer to the diagnostics app!
I ran it and looked through the output myself, which helped me diagnose and fix the problem.The OP7 log contained this line:
Failed to validate Firefox because it is not running from the /Applications folder but from 'file:///private/var/folders/jz/5sz_5m8d0g1g06mj8y153wcc0000gn/T/AppTranslocation/E1F7C95F-C1E0-4599-BC8B-C12BE333A457/d/Firefox.app/Contents/MacOS/firefox'
which made clear, what the problem was: the app translocation, introduced with macOS Sierra.
Some more details can be found, for example, here.
I quote:macOS Sierra introduces a new security feature called "Gatekeeper Path Randomization" (or "app translocation", as it's called on the API level). The basic gist is that if you download and run a Gatekeeper app from the Downloads folder, the OS will copy the app into a read-only disk image and run it from there instead. See the link above for more details.
This applies until the user moves the app to any other location (not just the Applications folder), after which the OS will just run the app normally. However, the move is only recognized if performed using the Finder. If you move the app another way, e.g. using "mv" in the Terminal, the app will continue to be translocated when run, even if it's in /Applications.
Apparently, during my Firefox upgrade macOS didn't properly recognize my move to the /Applications folder, which caused Firefox to still run in translocated mode, i.e. outside of the /Applications folder.
The solution was to delete /Application/Firefox entirely, redownload it and making a point of moving it to the /Applications folder with the Finder. I then confirmed that it is indeed running from /Applications with the Activity Monitor (showing the files opened by the Firefox process).
Once this change was made and the machine restarted 1password finally started to talk the Firefox extension and everything is good.Thank you once again for the pointer!
Cheers,
Walter0 -
Hi Corey,
thank you for the pointer to the diagnostics app, which allowed me to diagnore and fix the problem myself.
The OP7 logs exported by the diagnostics app contained this line:Failed to validate Firefox because it is not running from the /Applications folder but from 'file:///private/var/folders/jz/5sz_5m8d0g1g06mj8y153wcc0000gn/T/AppTranslocation/E1F7C95F-C1E0-4599-BC8B-C12BE333A457/d/Firefox.app/Contents/MacOS/firefox'
which made clear what the problem was: the app translocation introduced with macOS Sierra.
More details on this can be found, for example, on this page.I quote:
macOS Sierra introduces a new security feature called "Gatekeeper Path Randomization" (or "app translocation", as it's called on the API level). The basic gist is that if you download and run a Gatekeeper app from the Downloads folder, the OS will copy the app into a read-only disk image and run it from there instead. See the link above for more details.
This applies until the user moves the app to any other location (not just the Applications folder), after which the OS will just run the app normally. However, the move is only recognized if performed using the Finder. If you move the app another way, e.g. using "mv" in the Terminal, the app will continue to be translocated when run, even if it's in /Applications.
Apparently, during the upgrade of Firefox the application was moved into the /Applications folder without macOS properly recognizing this move, which caused it to still run in translocated mode, even when started from the /Applications folder, which prevented 1password from properly verifying it.
The solution was to completed remove Firefox, redownload it and making a point of properly moving it into the /Application folder with the Finder. After a reboot I verified that Firefox indeed isn't running translocated anymore by checking the open files of the process with the Activity monitor.
And, once this was done, 1password finally started to talk to the extension without any further issues.
Everything is now working as expected.Thank you very much again for the pointer to the diagnostics app!
Cheers,
Walter0
