[pieno]

The maintenance service is not checking for updates. It is still Firefox itself that checks for updates, but instead of launching the updater.exe (which triggers the UAC dialog), Firefox will start the maintenance service and tell the service there is a new update. The service will stop Firefox, run the updater to install the new version of Firefox (which does not require a UAC because the service already has elevated permissions), restart Firefox (updated version), and then stop itself. So this is not your typical update service such as Java or Adobe have which continuously runs in the background, but rather an interesting trick to run executables with elevated on-demand of a non-elevated executable.

[wolverine876]

> The service will stop Firefox, run the updater to install the new version of Firefox (which does not require a UAC because the service already has elevated permissions), restart Firefox (updated version), and then stop itself.

The service asks before stopping Firefox? Also, what if I have private tabs open, does it retain those in the session when it restarts?

[jniedrauer]

Several years ago, I had to use this trick to automate an MSSQL install via powershell remoting. One of the operations the installer performed was disallowed for powershell remoting sessions. So I set up my script to create a service and then invoke the installer from the service, which worked perfectly. Whatever security checks they had on powershell remoting sessions weren't much more than security theater. Not sure if this is still the case, but it seems that this is still a useful trick.

[nly]

How does the service authenticate Firefox?