Package: libfirefox-marionette-perl
Version: 1.63-1
Severity: normal
File: /usr/share/perl5/Firefox/Marionette.pm
Tags: upstream patch

Since the upgrade of firefox to 138, using the 'download' method fails with the following error:

System access is required to switch to chrome scope. Start Firefox with
"-remote-allow-system-access" to enable it.

Indeed, adding the following after line 4702 of Marionette.pm makes the error go away:

if ($self->_is_firefox_major_version_at_least(138)) {
push @arguments, '-remote-allow-system-access';
}

The debsums error below is because of that change.




-- Damyan



-- System Information:
Debian Release: 13.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.27-amd64 (SMP w/24 CPU threads; PREEMPT)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libfirefox-marionette-perl depends on:
ii libarchive-zip-perl 1.68-1
ii libconfig-ini-perl 1:0.029-1
ii libcrypt-urandom-perl 0.54-1
ii libencode-perl 3.21-1+b2
ii libfile-homedir-perl 1.006-2
ii libjson-perl 4.10000-1
ii libscalar-list-utils-perl 1:1.63-1+b4
ii libsocket-perl 2.038-1+b1
ii libterm-readkey-perl 2.38-2+b4
ii libtext-csv-xs-perl 1.60-1
ii liburi-perl 5.30-1
ii libxml-parser-perl 2.47-1+b3
ii perl [libpod-simple-perl] 5.40.1-3
ii perl-base [libsocket-perl] 5.40.1-3

Versions of packages libfirefox-marionette-perl recommends:
ii firefox 138.0.3-1
ii firefox-esr 128.10.0esr-1

libfirefox-marionette-perl suggests no packages.

-- debconf-show failed

-- debsums errors found:
debsums: changed file /usr/share/perl5/Firefox/Marionette.pm (from libfirefox-marionette-perl package)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 15 May 2025 10:16:06 +0000, Damyan Ivanov wrote:

Since the upgrade of firefox to 138, using the 'download' method fails with the
following error:

System access is required to switch to chrome scope. Start Firefox with "-remote-allow-system-access" to enable it.

Nice catch!

The build in unstable also fails when I change the B-D to just
"firefox", saying

<< 927:[1,6,{"error":"unsupported operation","message":"System access is required to switch to chrome scope. Start Firefox with \"-remote-allow-system-access\" to enable it.","stacktrace":"RemoteError@chrome://remote/content/shared/RemoteError.sys.mjs:8:
8\nWebDriverError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:199:5\nUnsupportedOperationError@chrome://remote/content/shared/webdriver/Errors.sys.mjs:927:5\nset@chrome://remote/content/marionette/driver.sys.mjs:338:13\nGeckoDriver.prototype.
setContext@chrome://remote/content/marionette/driver.sys.mjs:811:3\ndespatch@chrome://remote/content/marionette/server.sys.mjs:318:40\nexecute@chrome://remote/content/marionette/server.sys.mjs:289:16\nonPacket/<@chrome://remote/content/marionette/server.
sys.mjs:262:20\nonPacket@chrome://remote/content/marionette/server.sys.mjs:263:9\n_onJSONObjectReady/<@chrome://remote/content/marionette/transport.sys.mjs:494:20\n"},null]
unsupported operation: System access is required to switch to chrome scope. Start Firefox with "-remote-allow-system-access" to enable it. at t/01-marionette.t line 806

Indeed, adding the following after line 4702 of Marionette.pm makes the error >go away:

if ($self->_is_firefox_major_version_at_least(138)) {
push @arguments, '-remote-allow-system-access';
}

And with this change the testsuite passes against FF 138.


What looks a bit scary is:

https://firefox-source-docs.mozilla.org/remote/Security.html

Note: Enabling this flag grants unrestricted access to all
available Gecko APIs for both the Marionette and WebDriver BiDi
protocols, allowing tests to interact directly with the host
system or the device running the test. Use this flag only when
absolutely necessary.


OTOH, reading https://firefox-source-docs.mozilla.org/remote/Prefs.html
this might be the preferred way:

Instead of switching the preference value, the client should
ideally fix the breakage by passing -remote-allow-system-access
as an argument to the Firefox binary.


I've prepared a patch in git but I'm first forwarding the bug report
to see if/what upstream has to say about it.


Cheers,
gregor

--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmgmCNtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgYSyxAAl1apch0vo46eI4MUOQ4Dw+DHB+0GPuvNAp6/R8CEc+0KIYlg9WqIMVln Grrfq9MY/+cOk9oC0CHC3IUdevjWK+2jM61s6hgvcmexvvc+WbvdEV024Rxew13c cbI7VfXtkTNL2mOnWRfSpdxwPwEgy1AcQ1Ah1QqV7rbvGTiOkXeMoNzS6N84Lp36 LVGK1dYIWNbyv131hS6t10foMDexBXigwYBnctR5bx6drriDco43p68QVwKY0QqK 9pnZ7yRLjziX9eWqJDuYKjQCNO7qaGUcNr5pEb0aK5ypZ98ZUEGJsKPX6E/wHHnQ xdzglsUduVw16OtaZ50IRLO5rMr3ydNvirZI3GkURp8RpoZocdg5RAWYQ+6GFi2E sXBVTrpgMcRKQHnG2sPhtMYE//xWTyjhsh2z5sakJVfamtmFhfma7rS71bqA+9Xx CNGvrNne+8140nJMlPwzxLii2UNVkRPgFQlC42272Xfp7XCCm+xzuiwSGXSln9BX BRrYmDUixuJIYniwvVkFxtiK/wz3ejmMQMX132oTdavDhfzZam+tx4h41atc3AYS NXJK1Fa91nHpP+FgtN9jA2TY8E0IYPenOuMu68fQHsUpc1Z0dk1KJB1isfSHDgil GggD19H8OrOkQMnQm8VXudvh+9Ce7kdHI46ek2PKIIWVbVvhMyw=
=LIMQ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)