Mozilla Firefox Plugin Spyware? Firefox leak?

Hi there.

Recently discovered my comp connecting multiple times to the following address EVERY TIME FF is being started:

found out it was or something mozilla dev. related.

One of the following plugins seems to be responsable for those “additional” connections:


But, which one of them?
And, is there any possibility to block this whilst FF being marked as Trusted?

This may be a serious security leak, and no one as of now has written about it yet…

Cheers, and: Many answers appreciated!

The only thing i know for sure that is safe is noscript. The other ones i am not so sure about. Im pretty sure it is prefbar doing it, im assuming its a toolbar and most toolbars do crazy things. Uninstall that tool bar and then see how it goes. Or you can have CFP block all connections to that IP. Or try blocking it at the host file level.

NoScript and Adblock (Plus) are safe, no strange connections. Only connections made on Firefox startup are to my DNS.
And yes, is Try writing it in your adress bar, and your DNS will resolve as


I know with Adblock plus you can “subscribe” to ad blocking filters or whatever, it may be checking for updates on that?

Do you have any “subscriptions” for Adblock?

Thanks for your replies, but the riddle has been solved now.

New prefbar 4.1 adds an autocheck for updates function. (I think there should be a switch to turn this off, but, unfortunately, this is not the case).
For that reason it tries to connect to that site every few seconds… not a lovely thing, am I right?

Returning to 4.0 (which does it’s job equally fine) stopped those “home phoning” (even if they were, hopefully, not of the malicious kind) attempts.

Cheers :slight_smile:

Quote from their site:

PrefBar 4.1 contains a simple update notifier which will tell you about future PrefBar updates and asks you if you like to visit the PrefBar homepage

Woo! I was right! Scummy people should make that much more clear.

“For that reason it tries to connect to that site every few seconds… not a lovely thing, am I right?”

I totally agree with you. If you’re a fan of that add on, you might suggest they get rid of that feature. If you get enough people to notice it and complain about it, they’re lean more towards considering changing it.

It’s open-source, why don’t you just kill the updater if it troubles you ?
(or point it to in your HOSTS-file)