X
Appuyez ici pour vous rendre sur la version mobile du site.

Forum d’assistance

Stop FF calls out to IP address 72.21.91.19 every 15 minutes

Publié

Why does FF call out to the IP address 72.21.91.19? I found that the IP is part of Edgecast and seemed to be possibly related to FF live bookmarks and/or the latest headline live book mark.

But FF is still trying to go to that IP even after the live bookmark was removed. It tries to do this every 15 minutes and sometimes more often.

Currently I am blocking that IP with my firewall. This seems to be a privacy & security problem. But I have not found a way to completely block live bookmarks. This ONLY happens if FF is open and happens regardless of what site the browser is or has been visiting.

This is an older system and FF ver 3.6.28 ( it's a good old stable W2k OS system). FF is using NoScript, Ghostery, & ADP. The system passes all virus checks, including Malware Bytes and Super AntiSpyware.

tia for help with this Sam177

Why does FF call out to the IP address 72.21.91.19? I found that the IP is part of Edgecast and seemed to be possibly related to FF live bookmarks and/or the latest headline live book mark. But FF is still trying to go to that IP even after the live bookmark was removed. It tries to do this every 15 minutes and sometimes more often. Currently I am blocking that IP with my firewall. This seems to be a privacy & security problem. But I have not found a way to completely block live bookmarks. This ONLY happens if FF is open and happens regardless of what site the browser is or has been visiting. This is an older system and FF ver 3.6.28 ( it's a good old stable W2k OS system). FF is using NoScript, Ghostery, & ADP. The system passes all virus checks, including Malware Bytes and Super AntiSpyware. tia for help with this Sam177

Solution choisie

Update:

Progress !!! Have determined that FF was calling out to a news feed which was going the the IP 72.21.91.19. Still not sure why it was going there, though.

I installed "Fiddler" and it showed me the url that was involved. http://fxfeeds.mozilla.com/en-US/firefox/headlines.xml

Eventually I found that my booksmaks contained an second "liveFeed" for "headline news" in a duplicate of the Bookmarks Toolbar folder. It was located way in the middle of the actual bookmakrs file. Btw searching FF bookmarks can be a real pain. I had to export the bookmarks as an html file and use a text editor to do the searching thru it.

I have now removed that folder. And so far the calls out to IP 72.21.91.19 have not reappeared at all.

Also curiously the repeated calls out stopped happening regularly every 15 minutes after I had installed Fiddler. On installation, Fiddler did install an addon into FF. Niot sure if thsi had any effect. But apparently starting the Fiddler program disables the Fiddler addon. Noit sure I want the fiddler addon in FF, though.

So for now this seems to have been caused by FF's live feed and that feed going thru Edgecast. Mozilla should change this.

thanks for the help with this. Wish there were a more effective way to search bookmarks for say ALL "livefeed" bookmarks.

Sam177

Lire cette réponse dans son contexte 0

Détails additionnels sur le système

Plugins installés

  • Foxit Reader Plug-In For Firefox and Netscape
  • Office Plugin for Netscape Navigator
  • Default Plug-in
  • CANON iMAGE GATEWAY Mycamera Plugin
  • Windows Presentation Foundation (WPF) plug-in for Mozilla browsers
  • VLC media player Web Plugin 2.1.0

Application

  • Agent utilisateur : Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28

Plus d’informations

Auteur de la question

cor-el,

Thanks for the really quick reply. I've grabbed both of those now. And they are a workout to go thru. But I've looked into the firefox.js file a little bit so far.

I did find a couple of apparent contradictions so far. Here is an example:

// Blocklist preferences

pref("extensions.blocklist.enabled", true);

This machine is supposed to have the FF block list disabled.

But this is from just a quick look.

Sam177

cor-el, Thanks for the really quick reply. I've grabbed both of those now. And they are a workout to go thru. But I've looked into the '''firefox.js''' file a little bit so far. I did find a couple of apparent contradictions so far. Here is an example: '''// Blocklist preferences''' '''pref("extensions.blocklist.enabled", true);''' This machine is supposed to have the FF block list disabled. But this is from just a quick look. Sam177

Modifié le par Sam177

cor-el
  • Top 10 Contributor
  • Moderator
17472 solutions 157915 réponses

These files show the default value that is used to initialize prefs. Once you change a pref on the about:config page or otherwise then this default is no longer used, so that is OK. The value of prefs that do not have the default value are stored in the prefs.js file.

These files show the default value that is used to initialize prefs. Once you change a pref on the about:config page or otherwise then this default is no longer used, so that is OK. The value of prefs that do not have the default value are stored in the prefs.js file.

Auteur de la question

cor-el,

Thanks for that information. Glad to know that the difference isn't a major hiccup in my settings.

back when I get some more things tested tomorrow.

Sam177

cor-el, Thanks for that information. Glad to know that the difference isn't a major hiccup in my settings. back when I get some more things tested tomorrow. Sam177

Auteur de la question

Quick question: Could the FF spell check be contributing to this problem?

How does the FF spell check system work? And is there a way to turn it off? Does it update its dictionary?

It's been a busy day here. Haven't had much time to continue exploring this problem. Hope to get back to it soon.

Will post again when I've made some progress. It others have more ideas, please let me know.

Sam177

Quick question: Could the FF spell check be contributing to this problem? How does the FF spell check system work? And is there a way to turn it off? Does it update its dictionary? It's been a busy day here. Haven't had much time to continue exploring this problem. Hope to get back to it soon. Will post again when I've made some progress. It others have more ideas, please let me know. Sam177

Solution choisie

Update:

Progress !!! Have determined that FF was calling out to a news feed which was going the the IP 72.21.91.19. Still not sure why it was going there, though.

I installed "Fiddler" and it showed me the url that was involved. http://fxfeeds.mozilla.com/en-US/firefox/headlines.xml

Eventually I found that my booksmaks contained an second "liveFeed" for "headline news" in a duplicate of the Bookmarks Toolbar folder. It was located way in the middle of the actual bookmakrs file. Btw searching FF bookmarks can be a real pain. I had to export the bookmarks as an html file and use a text editor to do the searching thru it.

I have now removed that folder. And so far the calls out to IP 72.21.91.19 have not reappeared at all.

Also curiously the repeated calls out stopped happening regularly every 15 minutes after I had installed Fiddler. On installation, Fiddler did install an addon into FF. Niot sure if thsi had any effect. But apparently starting the Fiddler program disables the Fiddler addon. Noit sure I want the fiddler addon in FF, though.

So for now this seems to have been caused by FF's live feed and that feed going thru Edgecast. Mozilla should change this.

thanks for the help with this. Wish there were a more effective way to search bookmarks for say ALL "livefeed" bookmarks.

Sam177

Update: Progress !!! Have determined that FF was calling out to a news feed which was going the the IP 72.21.91.19. Still not sure why it was going there, though. I installed "Fiddler" and it showed me the url that was involved. http://fxfeeds.mozilla.com/en-US/firefox/headlines.xml Eventually I found that my booksmaks contained an second "liveFeed" for "headline news" in a duplicate of the Bookmarks Toolbar folder. It was located way in the middle of the actual bookmakrs file. Btw searching FF bookmarks can be a real pain. I had to export the bookmarks as an html file and use a text editor to do the searching thru it. I have now removed that folder. And so far the calls out to IP 72.21.91.19 have not reappeared at all. Also curiously the repeated calls out stopped happening regularly every 15 minutes after I had installed Fiddler. On installation, Fiddler did install an addon into FF. Niot sure if thsi had any effect. But apparently starting the Fiddler program disables the Fiddler addon. Noit sure I want the fiddler addon in FF, though. So for now this seems to have been caused by FF's live feed and that feed going thru Edgecast. Mozilla should change this. thanks for the help with this. Wish there were a more effective way to search bookmarks for say ALL "livefeed" bookmarks. Sam177

Modifié le par Sam177

jscher2000
  • Top 10 Contributor
8693 solutions 71056 réponses

Glad to hear you found it. By default, the FiddlerHook extension detects whether Fiddler is running and redirects requests through the proxy when it is. It adds a control to the Add-on bar to let you change its behavior (e.g., force off, force on, auto).

A proxy can change Firefox's behavior based on how the proxy holds connections open or closes them. It also has been seen to "fix" some responses that Firefox does not like so they work in Firefox. Therefore, although it is by far the most convenient way to observe traffic, it's not the most transparent.

Glad to hear you found it. By default, the FiddlerHook extension detects whether Fiddler is running and redirects requests through the proxy when it is. It adds a control to the Add-on bar to let you change its behavior (e.g., force off, force on, auto). A proxy can change Firefox's behavior based on how the proxy holds connections open or closes them. It also has been seen to "fix" some responses that Firefox does not like so they work in Firefox. Therefore, although it is by far the most convenient way to observe traffic, it's not the most transparent.
Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 réponses

Just an FYI, not sure if the other helpers told you this, but you need to update to a modern version of Firefox, 27.0.1 or later. Running Firefox 3.6 is not safe as it is affected by hundreds of known vulnerabilities and holes, plus having reduced modern web compatibilities, being significantly slower and using more system resources. Please update ASAP

Just an FYI, not sure if the other helpers told you this, but you need to update to a modern version of Firefox, 27.0.1 or later. Running Firefox 3.6 is not safe as it is affected by hundreds of known vulnerabilities and holes, plus having reduced modern web compatibilities, being significantly slower and using more system resources. Please update ASAP

Auteur de la question

Tyler Downer,

Thanks for your reply. Note that there are a lot of us who can not use the FF "latest & greatest". In our case, we want the same browser and same look,feel & functionality on both our XP & W2k machines. Yes some people still run W2k. With good security policies & proceedures as wellas top level FW & AV, plus good addons, we can mostly tame the beast.

Additionally many of the "new improvements" have left us less than impressed with FF & Mozilla. Though I still use FF.

In this post I did learn that I can use some mod to let FF newer than v13 or 14 on my older systems. But that means a new learnign curve to work thru. And it seems to mean that I would have to put up with forced updates. That is one of the very BAD things that FF has introduced. Sometimes change for the sake of change is really not worth it.

Yet Mozilla seems to have forgotten what got us interested in the beginning. Glitz was not why we became involved with FF. It was what used to be a soundly put together program. We did not want much of what FF seems to have become now. And the current sitution makes many of us question the soundness of the FF approach to development along with the money that FF accepts.

Guess that's a bit of a rant. But what I've seen & read about that's happenign with FF has been disappointing.

Sam177

Tyler Downer, Thanks for your reply. Note that there are a lot of us who can not use the FF "latest & greatest". In our case, we want the same browser and same look,feel & functionality on both our XP & W2k machines. Yes some people still run W2k. With good security policies & proceedures as wellas top level FW & AV, plus good addons, we can mostly tame the beast. Additionally many of the "new improvements" have left us less than impressed with FF & Mozilla. Though I still use FF. In this post I did learn that I can use some mod to let FF newer than v13 or 14 on my older systems. But that means a new learnign curve to work thru. And it seems to mean that I would have to put up with forced updates. That is one of the very BAD things that FF has introduced. Sometimes change for the sake of change is really not worth it. Yet Mozilla seems to have forgotten what got us interested in the beginning. Glitz was not why we became involved with FF. It was what used to be a soundly put together program. We did not want much of what FF seems to have become now. And the current sitution makes many of us question the soundness of the FF approach to development along with the money that FF accepts. Guess that's a bit of a rant. But what I've seen & read about that's happenign with FF has been disappointing. Sam177
Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 réponses

I'm not going to argue this with you, just give you some facts. Updating isn't optional anymore, staying on out of date versions of software is bad for the web and impacts more users than just you. Leaving security holes open on your machine (Nearly all the ones listed at https://www.mozilla.org/security/known-vulnerabilities/firefox.html) that Anti-virus doesn't protect you from, also impacts all the other users of the web who can then be attacked from your machine. Secondly, using old versions of Browsers forces web developers to continue supporting ancient technologies that hinder the progress of the web.

Also, on Windows XP, Firefox 27 (the latest) runs just fine, and there are no plans to end support for Windows xp. Even Windows 2000 can run up to Firefox 12 (still safer and better than Firefox 3.6). Yes there is a bit of a learning curve going from Firefox 3.6 to 27, but it's not significant, you can install add-ons to make it look the same as Firefox 3.6, and even though Firefox updates every 6 weeks, most of those updates don't change anything user visible, but contain performance improvements, bug fixes and web technology changes.

I'm not going to argue this with you, just give you some facts. Updating isn't optional anymore, staying on out of date versions of software is bad for the web and impacts more users than just you. Leaving security holes open on your machine (Nearly all the ones listed at https://www.mozilla.org/security/known-vulnerabilities/firefox.html) that Anti-virus doesn't protect you from, also impacts all the other users of the web who can then be attacked from your machine. Secondly, using old versions of Browsers forces web developers to continue supporting ancient technologies that hinder the progress of the web. Also, on Windows XP, Firefox 27 (the latest) runs just fine, and there are no plans to end support for Windows xp. Even Windows 2000 can run up to Firefox 12 (still safer and better than Firefox 3.6). Yes there is a bit of a learning curve going from Firefox 3.6 to 27, but it's not significant, you can install add-ons to make it look the same as Firefox 3.6, and even though Firefox updates every 6 weeks, most of those updates don't change anything user visible, but contain performance improvements, bug fixes and web technology changes.

Auteur de la question

Tyler,

No desire to argue either. I appreciate your reply. And btw, I do date back to the days of Netscape and I probably have nearly the first versions of FF most likely still on old backup HDs.

However, I have to say that NO ONE is attacked from our machines. The firewall is NOT a MS product. And nothing calls out that is not given permission, going somewhere we want it to go & doing something we want it to do. Witness the original reason for this "Stop FF from calling out" forum post. That seems to have happened during a machine rebuild when the Latest News bookmark ended up duplicated toward the middle of the transferred bookmarks file.

While I agree that staying up to date is very important. Forced updates by any program are unacceptable. Too often over "enthusiastic" developers fail to look deep enough before pushing their latest update. The rule of thumb is, for example with MS updates, is to wait til the Friday after Black Tuesday before blindly allowing their latest update. After all we are the ones who have to fix the machines that bad updates break.

Does this fit 90-95% of the web users? Well NO is that answer. But please remember that there are still a lot of us out here who have been doing this for a very long time. And we are very suspicious and wary of the latest & greatest.

You may be surprised that we still do not allow Flash or any Adobe products on our work machines. The only exception is the photo production machine which runs Adobe CS Photo Shop & DreamWeaver. both of which are blocked from the network.

It would be my hope that FF will settle down a bit and spend more effort on security and take a position of establishing better standards for developments. How about just working toward a non-proprietary Flash handler. I would think FF staff could certainly write an image etc display program which was not as invasive and had less than the average of 17 vulnerabilities each year.

As I have time, I will take your advice explore trying to use a newer FF and I may have questions along the line which you might help with.

regards,

Sam177

Tyler, No desire to argue either. I appreciate your reply. And btw, I do date back to the days of Netscape and I probably have nearly the first versions of FF most likely still on old backup HDs. However, I have to say that NO ONE is attacked from our machines. The firewall is NOT a MS product. And nothing calls out that is not given permission, going somewhere we want it to go & doing something we want it to do. Witness the original reason for this "Stop FF from calling out" forum post. That seems to have happened during a machine rebuild when the Latest News bookmark ended up duplicated toward the middle of the transferred bookmarks file. While I agree that staying up to date is very important. Forced updates by any program are unacceptable. Too often over "enthusiastic" developers fail to look deep enough before pushing their latest update. The rule of thumb is, for example with MS updates, is to wait til the Friday after Black Tuesday before blindly allowing their latest update. After all we are the ones who have to fix the machines that bad updates break. Does this fit 90-95% of the web users? Well NO is that answer. But please remember that there are still a lot of us out here who have been doing this for a very long time. And we are very suspicious and wary of the latest & greatest. You may be surprised that we still do not allow Flash or any Adobe products on our work machines. The only exception is the photo production machine which runs Adobe CS Photo Shop & DreamWeaver. both of which are blocked from the network. It would be my hope that FF will settle down a bit and spend more effort on security and take a position of establishing better standards for developments. How about just working toward a non-proprietary Flash handler. I would think FF staff could certainly write an image etc display program which was not as invasive and had less than the average of 17 vulnerabilities each year. As I have time, I will take your advice explore trying to use a newer FF and I may have questions along the line which you might help with. regards, Sam177
Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 réponses

Just an FYI, We are working on a Flash replacement using Open Web Standards (just like we did not too long ago with an Open PDF Reader) called Shumway. It is a WIP right now, but expect to hear more about it towards the end of the year. And we do focus on stability and security with every release, Have you experienced problems with recent Firefox releases being insecure or dramatically unstable? You don't have to update the day of release, we always throttle updates for a week after releasing them to make sure there are no issues we missed before allowing all Firefox installs to update automatically.

Just an FYI, We are working on a Flash replacement using Open Web Standards (just like we did not too long ago with an Open PDF Reader) called Shumway. It is a WIP right now, but expect to hear more about it towards the end of the year. And we do focus on stability and security with every release, Have you experienced problems with recent Firefox releases being insecure or dramatically unstable? You don't have to update the day of release, we always throttle updates for a week after releasing them to make sure there are no issues we missed before allowing all Firefox installs to update automatically.

Auteur de la question

Tyler,

Glad to hear about FF working on a replacement for Adobe Flash. I take a lot of guff by blocking that one. I'll look up the pdf handler Shumway. We use FoxIt. it's been decent but is now getting more bloated.

As to experiencing update issues directly: Well I have repaired a number of other small businesses' and neighbors' machines from "suddenly developed anomalies" with their browser (all were FF users). Most of that was a while ago, but after the 3.6 series was the current series. I never pursued the issues to determine what went wrong but in well over 90% of the cases it seemed to have happened shortly after the user accepted an update. And I no longer will work on others machines that have issues like that.

And I still believe that you should give us the ability to determine when we accept any update; that updates for security should be separate from the "latest stuff" updates. If we were a larger company or I had a larger family ("only" 7 or 8 "home" machines now), I would be very disturbed to think that any day, I might walk in and find that some portion of last night's stable machines had been forced to update any product. We just can't take the time for that. Neither can we take the time to deal with changes that causes any issues for the users we serve. Even with my relatively small stable of machines, dealing with surprises is neither fun nor productive.

I understand there was an "enterprise" series available for a while. However at that time, we here could not use it because we still do run some work machines with W2k.

I appreciate the dialog. Fell free to keep in touch directly. As a Mod & Admin, I expect that you can get my email address from the forum profile.

regards

Sam177

Tyler, Glad to hear about FF working on a replacement for Adobe Flash. I take a lot of guff by blocking that one. I'll look up the pdf handler Shumway. We use FoxIt. it's been decent but is now getting more bloated. As to experiencing update issues directly: Well I have repaired a number of other small businesses' and neighbors' machines from "suddenly developed anomalies" with their browser (all were FF users). Most of that was a while ago, but after the 3.6 series was the current series. I never pursued the issues to determine what went wrong but in well over 90% of the cases it seemed to have happened shortly after the user accepted an update. And I no longer will work on others machines that have issues like that. And I still believe that you should give us the ability to determine when we accept any update; that updates for security should be separate from the "latest stuff" updates. If we were a larger company or I had a larger family ("only" 7 or 8 "home" machines now), I would be very disturbed to think that any day, I might walk in and find that some portion of last night's stable machines had been forced to update any product. We just can't take the time for that. Neither can we take the time to deal with changes that causes any issues for the users we serve. Even with my relatively small stable of machines, dealing with surprises is neither fun nor productive. I understand there was an "enterprise" series available for a while. However at that time, we here could not use it because we still do run some work machines with W2k. I appreciate the dialog. Fell free to keep in touch directly. As a Mod & Admin, I expect that you can get my email address from the forum profile. regards Sam177
James
  • Moderator
1596 solutions 11246 réponses

It is possible to run current Firefox on Win2k as per http://forums.mozillazine.org/viewtopic.php?f=37&t=2482475

Otherwise a possibility is to dual boot with a current Linux distro with a light desktop environment like Xfce in order to be able to run current Firefox like 27.0.1 (or even the Firefox 24 ESR as 24.4.0esr will be out when 28.0 is released) and be much more safe in connecting online.

The ancient Firefox 3.6 was originally going to end as of Firefox 3.6.19 (July 11th, 2011) but it was kept alive after Firefox 4.0 was released and 3.6 later ended as of 3.6.28 on March 13th, 2012.

It is possible to run current Firefox on Win2k as per http://forums.mozillazine.org/viewtopic.php?f=37&t=2482475 Otherwise a possibility is to dual boot with a current Linux distro with a light desktop environment like Xfce in order to be able to run current Firefox like 27.0.1 (or even the Firefox 24 ESR as 24.4.0esr will be out when 28.0 is released) and be much more safe in connecting online. The ancient Firefox 3.6 was originally going to end as of Firefox 3.6.19 (July 11th, 2011) but it was kept alive after Firefox 4.0 was released and 3.6 later ended as of 3.6.28 on March 13th, 2012.