Sunday, December 04, 2005

Firefox 1.5 acting as a server?

I just upgraded to Firefox 1.5 on my Windows laptop. When I launched the application, my software firewall told me the Firefox had requested permission to act as a server. That is, to listen on a port and accept incoming connections from the network (mine, or maybe the Internet). Of course I said no. If there had been a "F*** off" button I would have clicked that instead. Now, I know the good folks at the Mozilla Foundation really care about security, and I know that Firefox is their best-loved child. So what's going on here? It could be my firewall acting up, but I doubt it. The firewall has a pretty simple job. A quick web search showed that it might have something to do with the auto-update feature, but that doesn't sound convincing either. Why should auto-update be anything other than a pull through port 80? My best guess is that the Firefox crew simply missed this one and will correct the mistake in the near future. "Missed" could mean they carelessly designed in some kind of mostly-harmless server, or it could mean that they carelessly design in something that looks like a server but isn't. Or it could have to do with the quality feedback agent, although that seems odd as well. In any case, I don't think it's worth investigating further. I love Firefox and plan to keep using it as my primary browser, and I look forward to playing with the new features in 1.5. But if it actually needs to act as a server for something, I'll toss it faster than you can say "Opera."

No comments: