Welcome to the official community for LibreWolf.
LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM. If you have any question please visit our FAQ first: https://librewolf.net/docs/faq/
To learn more or to download the browser visit the website: https://librewolf.net/
If you want to contribute head over to our Codeberg: https://codeberg.org/librewolf
I think it's related to the push notifications.
You can check by disabling them.
about:config in the address bar, press Enterdom.push.enabled and double-click it to set it to false.https://librewolf.net/docs/faq/#does-librewolf-make-any-outgoing-connections
That seems to have solved it, thank you.
I completely forgot about the Librewolf FAQ.
I still don't understand how it got through the firewall though.
I would also like to know how it got through the firewall. LibreWolf is not running as root, is it?
No, of course not.
I'd never run any service as root unless it's absolutey necessary.
I'm actually still baffled by this because I have no idea how this could happen.
A friend of mine suggested that Librewolf may have edited my ufw rules, but unless my understanding of how file permisions in Linux work is fundamentally flawed (without me ever running into problems because of it) that shouldn't be possible. Especially because ufw status still shows the IP as denied.
I'm thinking about filing a bug report to ufw about this.
My career has primarily been in IT support so I had to ask haha 😅 Baffling is the word, for sure. If you do figure it out and you remember to update here I'd be appreciative! I think, after xz, we should all be on high alert to investigate minor-seeming-but-still-very-weird behaviours like this.
I very much doubt that this is even anywhere close to the level of xz. If, big IF, this is some kind of backdoor, then whoever made it didn't put nearly as much effort into hiding it as they did with xz and it would've probably been found already.
I still don’t understand how it got through the firewall though.
In the past I have followed howtos on the Internet about blocking a single IP address with iptables or for that matter ufw, and failed :(
Does it ping Google if there are no sites with notifications?
Seems that way, as I have not given any website permission to send me notifications.
It seems to be a Mozilla server though, which is just hosted by Google. In my book that doesn't make it much better though.
By the same token some people seek to "de-Google" and then install a custom ROM on Google Pixel hardware, it's like, my guy, any backdoor you are seeking to remove in the software most likely is already a vector in the hardware.
Thanks for being so alert, there is no reason LW needs to talk to any website on the net without being asked to, least of all Google.
It does not
Then why was netstat showing an active conection to this server at all times?
I'm bad at using blockquotes when the comment ends in the thing I'm replying to.
In my book that doesn’t make it much better though.
No idea, sorry.
As sibling comment says, I also found some info regarding this related to push events. https://www.reddit.com/r/LibreWolf/comments/15bgn04/comment/juifjik/