firefox opens a UDP listening port a.k.a backdoor on all network interfaces
On ubuntu oracular 24.10, when firefox is launched, it tries to open a UDP listening port on all network interfaces which is not acceptable on many levels:
/usr/bin/netstat -tunpevaW|grep firefox udp 0 0 0.0.0.0:48654 0.0.0.0:* 1000 881247 178766/firefox
Is this behavior specific to Ubuntu or is it implemented by design? This must be a no go by design: if it needs a UDP port for some reason, it has to open it on the **loopback interface (127.0.0.1)** only.
Wót jean-christophe manciot
Wšykne wótegrona (3)
Hi Jean-Christophe!
I found this post about this: https://unix.stackexchange.com/a/769645 According to this and others I found, these are most likely used by HTTP/3, which is partially UDP-based. So this isn't Ubuntu-specific at all.
Regards, Balázs
Wót Balázs Meskó
Chrome supports HTTP/3 out of the box (which can be checked at https://quic.nginx.org for instance) and does not open UDP or TCP listening ports on all network interfaces:
# /usr/bin/netstat -tunpevaW|grep chrome | grep -P "^(udp|tcp)[[:blank:]]+0[[:blank:]]+0[[:blank:]]+0\.0\.0\.0:" #
The HTTP/3 argument does not stand.
Wót Balázs Meskó
I can't find any authoritative source, so you can disagree, but it is indeed HTTP/3. If you disable it in about:config no new ports are in netstat's output.
My guess is Chromium's implementation of QUIC is slightly different.
Wót Balázs Meskó