Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Èròjà atẹ̀lélànà yii ni a ti fi pamọ́ fọ́jọ́ pípẹ́. Jọ̀wọ́ béèrè ìbéèrè titun bí o bá nílò ìrànwọ́.

Why Firefox for Android is causing The Linux kernel to send data packets to random sites?

  • 2 àwọn èsì
  • 2 ní àwọn ìṣòro yìí
  • 78 views
  • Èsì tí ó kẹ́hìn lọ́wọ́ Kevin

more options

I've recently installed CyanogenMod on my Nexus 5. Shorty after installing CyanogenMod I decided to install Firefox on my device from here:

https://f-droid.org/repository/browse/?fdid=org.mozilla.firefox

Afrer installing it I decided to install a frontend application for IPtabels from here:

https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall

After installing it I blocked some applications from accessing my data networks, including The Linux kernel. After some hours passed I took a look at the firewall log and I noticed that the firewall has blocked several data packets from accessing the internet. The log also showed the IP addresses where the data packets were being sent. I decided to find out to whom these IP adresses belonged. The results were rather strange. One particular IP belonged to a French ISP, one on the other hand belonged to a Finnish ISP. Finally I found one IP that made some sense. That IP belonged to Mozilla. However, at this point I couldn't be sure that Firefox was causing this behaviour. So I did a little test. I re-installed CyanogenMod on my Nexus 7. I connected my Nexus 7 to my WiFi-network at my home and I installed the same frontend application for IPtables on my device. I configured the firewall the same way I did for my phone, so The Linux kernel was also blocked from accessing any data networks. I surfed the web with my device and did some other things with it. I also checked the firewall log from time to time, and no applications showed up in the log. So I installed Firefox on my device. And immediately after installing it The Linux kernel was trying to send data packets to the same IP addresses. Now I was almost completely sure that Firefox was indeed causing this strange behaviour.

Here are some addresses where The Linux Kernel was trying to send data packets:

69.50.225.155 63.245.217.219 72.167.239.239 23.43.139.27 74.125.232.107 193.229.109.41 63.245.217.160 94.23.204.140

Conclusion:

  • I downloaded CyanogenMod from the projects official site and I checked the md5sums of the files
I downloaded before I flashed anything onto my device
  • I installed all the applications on my devices (including Firefox) from here: https://f-droid.org
  • I didn't do anything stupid with my devices so I dont' think that they were infected with malware
  • I changed Firefox settings so that it didn't share any data with Mozilla

So I'd like to have some answers to the following questions:

1)Why Firefox is causing the Linux kernel to send data to these IP addresses and is there any way

to turn this "feature" off?

2)Do the other versions of Firefox and other Mozilla software (Thunderbird etc.) also include this form of snooping?

I've recently installed CyanogenMod on my Nexus 5. Shorty after installing CyanogenMod I decided to install Firefox on my device from here: https://f-droid.org/repository/browse/?fdid=org.mozilla.firefox Afrer installing it I decided to install a frontend application for IPtabels from here: https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall After installing it I blocked some applications from accessing my data networks, including The Linux kernel. After some hours passed I took a look at the firewall log and I noticed that the firewall has blocked several data packets from accessing the internet. The log also showed the IP addresses where the data packets were being sent. I decided to find out to whom these IP adresses belonged. The results were rather strange. One particular IP belonged to a French ISP, one on the other hand belonged to a Finnish ISP. Finally I found one IP that made some sense. That IP belonged to Mozilla. However, at this point I couldn't be sure that Firefox was causing this behaviour. So I did a little test. I re-installed CyanogenMod on my Nexus 7. I connected my Nexus 7 to my WiFi-network at my home and I installed the same frontend application for IPtables on my device. I configured the firewall the same way I did for my phone, so The Linux kernel was also blocked from accessing any data networks. I surfed the web with my device and did some other things with it. I also checked the firewall log from time to time, and no applications showed up in the log. So I installed Firefox on my device. And immediately after installing it The Linux kernel was trying to send data packets to the same IP addresses. Now I was almost completely sure that Firefox was indeed causing this strange behaviour. Here are some addresses where The Linux Kernel was trying to send data packets: 69.50.225.155 63.245.217.219 72.167.239.239 23.43.139.27 74.125.232.107 193.229.109.41 63.245.217.160 94.23.204.140 Conclusion: *I downloaded CyanogenMod from the projects official site and I checked the md5sums of the files I downloaded before I flashed anything onto my device *I installed all the applications on my devices (including Firefox) from here: https://f-droid.org *I didn't do anything stupid with my devices so I dont' think that they were infected with malware *I changed Firefox settings so that it didn't share any data with Mozilla So I'd like to have some answers to the following questions: 1)Why Firefox is causing the Linux kernel to send data to these IP addresses and is there any way to turn this "feature" off? 2)Do the other versions of Firefox and other Mozilla software (Thunderbird etc.) also include this form of snooping?

All Replies (2)

more options

The official Firefox for Android is available from the playstore or this site: https://www.mozilla.org/en-US/firefox/android/

It is possible to set up a Proxy https://addons.mozilla.org/en-US/mobi.../proxy-mobile/

I would assume that the browser is using the internet connection of the device and the internet is being provided by an isp, would it depend what the packets were? Maybe data billing requests?

I believe you can block ips as well if you wanted to: https://addons.mozilla.org/bn-BD/andr.../silentblock/

more options