[LINK] Firefox security issue
David Lochrin
dlochrin at d2.net.au
Wed Oct 31 14:52:21 AEDT 2007
I've just discovered that some program on this system sets up a TCP connection to "dyna-addons.nslb.:https" (address incomplete) soon after logging in on my account. A little investigation on the 'net revealed that the culprit is Mozilla Firefox, and the full address is "dyna-addons.nslb.sj.mozilla.com" or 63.245.209.31
However Firefox is explicitly configured ~not~ to download updates.
Occasionally I've noticed network activity at unexpected times which stops when I log out of the account. Since that terminates Firefox, I now suspect that Firefox is downloading stuff despite the configuration choice.
Can any Linker shed light on what's going on? Surely such behaviour is unacceptable? The secure-HTTP outbound connection will be allowed by most firewalls, and any user or organisation may find their systems modified unexpectedly. And of course this software will have read access to everything in the user's account.
David
More information about the Link
mailing list