Mozilla will shut down Pocket’s services on July 8, 2025. At that time users will no longer be able to access the Pocket website, apps and API. You can export your saved items and API data until October 8, 2025 before they are permanently removed. For more information, see this article.

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

firefox opens a UDP listening port a.k.a backdoor on all network interfaces

On ubuntu oracular 24.10, when firefox is launched, it tries to open a UDP listening port on all network interfaces which is not acceptable on many levels:

/usr/bin/netstat -tunpevaW|grep firefox udp 0 0 0.0.0.0:48654 0.0.0.0:* 1000 881247 178766/firefox

Is this behavior specific to Ubuntu or is it implemented by design? This must be a no go by design: if it needs a UDP port for some reason, it has to open it on the **loopback interface (127.0.0.1)** only.

On ubuntu oracular 24.10, when firefox is launched, it tries to open a UDP listening port on all network interfaces which is not acceptable on many levels: /usr/bin/netstat -tunpevaW|grep firefox udp 0 0 0.0.0.0:48654 0.0.0.0:* 1000 881247 178766/firefox Is this behavior specific to Ubuntu or is it implemented by design? This must be a no go by design: if it needs a UDP port for some reason, it has to open it on the **loopback interface (127.0.0.1)** only.

Modified by jean-christophe manciot

All Replies (3)

Hi Jean-Christophe!

I found this post about this: https://unix.stackexchange.com/a/769645 According to this and others I found, these are most likely used by HTTP/3, which is partially UDP-based. So this isn't Ubuntu-specific at all.

Regards, Balázs

Modified by Balázs Meskó

Helpful?

Chrome supports HTTP/3 out of the box (which can be checked at https://quic.nginx.org for instance) and does not open UDP or TCP listening ports on all network interfaces:

# /usr/bin/netstat -tunpevaW|grep chrome | grep -P "^(udp|tcp)[[:blank:]]+0[[:blank:]]+0[[:blank:]]+0\.0\.0\.0:"
# 


The HTTP/3 argument does not stand.

Modified by Balázs Meskó

Helpful?

I can't find any authoritative source, so you can disagree, but it is indeed HTTP/3. If you disable it in about:config no new ports are in netstat's output.

My guess is Chromium's implementation of QUIC is slightly different.

Modified by Balázs Meskó

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.