dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3073
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98

Premium Member

FF 36 Issue

CHXIFF0224.txt
156,492 bytes
since installing FF 36, via FF's updater, i have been seeing all kinds of "garbage" in my firewall-logs, where FF 36 is neverendingly trying to make IGMP and UDP outbound connections..

i am attaching a sample of my firewall-log.. i edited out my local IP address..
Frodo
join:2006-05-05

1 edit

Frodo

Member

I'm sitting with two running instances (under two ids). I can't kill them is process explorer or task manager. I hit them with a suspend in process explorer. Thread count shows one thread active in each. As far as the prior complaint is concerned, I think port 1900 is Upnp
edit:
Figure this one out:
c:\bin>taskkill /F /im firefox.exe
ERROR: The process "firefox.exe" with PID 5996 could not be terminated.
Reason: There is no running instance of the task.
ERROR: The process "firefox.exe" with PID 4848 could not be terminated.
Reason: There is no running instance of the task.
 
If there is no running instance, how did taskkill figure out the pids were 5996 and 4848?
redwolfe_98
Premium Member
join:2001-06-11

1 edit

redwolfe_98

Premium Member

yes, according to "GRC", port 1900 is for UPNP..

i have UPNP disabled on my computer..

i use a program that monitors files on my computer and it showed that FF 36 had about 32 additional new files which FF 35 didn't have... (unfortunately, i didn't save a log of those files)..

randavis
74 Challenger 440 4bbl
join:2000-01-19
Blue Springs, MO

randavis to redwolfe_98

Member

to redwolfe_98
Do you have anything checked in Options > Advanced?

Do you have sync setup?
Frodo
join:2006-05-05

1 edit

Frodo to redwolfe_98

Member

to redwolfe_98
After reboot, which entailed hitting the power button at some point, restarted, and the sucker runs. Brought it up, ran it, and shut Firefox down and it shut down cleanly. The other runs were on seldom used profiles, the ones only used when I use the update function in the about page. Those are pretty clean profiles. Running fine however on my well used profile. I think I'll bring up wireshark and see if I'm getting that port 1900 crap.

Edit: no port 1900 traffic or other unusual traffic found.
jupitermoon
join:2011-09-27

jupitermoon to redwolfe_98

Member

to redwolfe_98
Check this thread over at mozillaZine:

»forums.mozillazine.org/v ··· 14012003

It appears to be a discovery request for Send Video to Device, which is related to the Firefox for Android Roku streaming service. As of yet, there doesn't seem to be a way to turn it off.
redwolfe_98
Premium Member
join:2001-06-11

1 edit

redwolfe_98

Premium Member

said by redwolfe_98:

FF 36 had about 32 additional new files which FF 35 didn't have

i was wrong about that.. there were only 4 new files in the firefox folder, plus an additional folder within the firefox folder:

d3dcompiler_47.dll
msvcp120.dll
msvcr120.dll
voucher.bin

gmp-clearkey: Directory was created
----------------------
the other files were only "modified", not newly created..

seeing that stuff in my firewall-log bothered me.. for one thing, i was seeing between 4 and 8 attempted connections per second, constantly.. that wasn't going to be good..

after reading the stuff that "jupitermoon" referenced, i understood it better.. for one thing, it was said that all of the connections actually were local, so that would make me feel more comfortable about allowing them..

i had already gone to the trouble of uninstalling FF 36 and reinstalling FF 35.0.1 before i saw jupitermoon's post.. now i have updated to FF 36, again, and i created some rules in my firewall to allow the connections that FF 36 was trying to make..

i made one out-bound rule for IGMP, which was being blocked.. apparently a rule for a corresponding inbound connection wasn't needed..

i also made a rule for the out-bound UDP connection to remote port 1900, and then waited to see if anything was logged as being blocked.. what was interesting was that i had to make a corresponding UDP-inbound rule with my own IP address as the remote IP address and the "remote" IP address as my local IP address.. in other words, it looked backwards, but that was what was needed in order for no connections to be blocked..

so i have a rule for UPD-out to a "remote" IP address, and a rule for a UDP-in with my local IP address as the remote IP address and with the remote IP address as my local IP address.. it is very confusing, to me, even though it is just two firewall-rules.. like i said, it looks backwards, which makes it confusing..

there isn't a "loop", like you would expect, where there is a connection to a remote IP address and then a response from the remote IP address.. instead, i have an inbound connection from my local IP address (funtioning as a remote IP address), with the remote IP address functioning as the local IP address.. see? it is confusing..
redwolfe_98

1 edit

redwolfe_98 to Frodo

Premium Member

to Frodo
said by Frodo:

Edit: no port 1900 traffic or other unusual traffic found

apparently you didn't see it, but it is there, assuming that you have FF 36 installed..

you can use "TCPView" or "currports" to see FF make the UDP-connections on port 1900.. it will only show for a "split second" and, from what i read, the connections only occur once every 2 minutes, under normal circumstances..

here are the firewall-rules that i needed, on my computer, in order for the connections that FF was making to not be blocked:

IGMP
local IP address out to remote IP address 224.0.0.22 (no ports specified)

UDP/SSDP
local IP address port 1900 out to 239.255.255.250 port 1900
local IP address port 1900 "IN" to 239.255.255.250 port 1900
-----------------------------

apparently mozilla has built something into FF 36 for streaming video to "roku" and "chromecast", which is the reason for these new connections that FF 36 is making..

here is a related article that i pulled up, just now:

»www.ghacks.net/2014/09/0 ··· t-works/

while the article is about "firefox for android", apparently the same feature has now been built into the regular "windows desktop" version of FF 36..

»forums.mozillazine.org/v ··· 14012003

»bugzilla.mozilla.org/sho ··· =1054959
Frodo
join:2006-05-05

Frodo to redwolfe_98

Member

to redwolfe_98
I just fired it up, and fired up TCPview and sorted by process, so all the Firefox connections would show together. I'm seeing 4 TCP connections and no UDP.

OK - wait a minute, the port 1900 UDP just showed up now. And like you, I don't have the UpnP services running, since my modem doesn't have UpNP capability. Maybe I'll firewall it. It's growing - now I have 3 1900 ports showing in TCPview.

Oh great. I have a program that will "tie up" port 1900 so Firefox can't bind to it. But, the firefox shutdown problem has returned, so it isn't shutting down. I think I'll be using Palemoon for a while.
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98

Premium Member

frodo, i don't think you have to worry about the UDP/SSDP connections that FF 36 makes since they are "local", or "internal", at least that is what i read, that those connections are internal..

it doesn't seem to matter if the UPNP and SSDP "services" are disabled (i am not seeing any "errors" in windows "event viewer" ).. also, since the connections are internal, they never pass through your modem, so it wouldn't matter if your modem doesn't support UPNP, either..

as long as the connections aren't blocked, i don't think that they are a problem.. if they are blocked, then FF will constantly, repeatedly try to make the connections, which i think would be a problem.. at least it would bug me, knowing that the attempted connections were constantly being made, and constantly being blocked..

i think someone will come up with a way to turn that crap off.. in the meantime, i don't think it is a problem-as long as the connections aren't blocked..

regarding the issues that you are having with the FF 36 program, i think that there must be something wrong with the installation on your computer and my advice would be to try uninstalling "FF 36" and then doing a "clean" reinstall of the program.. as far as i know, no one else is reporting having problems with FF 36, other than the concern about the UDP/SSDP connections..

unless there is something screwy with the way that you have things set up on your computer, like if you have 8 different flavors of the firefox browser installed, as some people seem to do, i don't think you will have a problem with FF 36..
Frodo
join:2006-05-05

Frodo

Member

On my system, firefox malfunctions once the port 1900 activity starts. TCPview was showing 25 port 1900s when I rebooted to clear out the process. On the other hand, if I run a small separate process that binds to UDP 1900, Firefox can't bind to the same port and has been running successfully.

So, I'm going to have to figure out how to shut off this SSDP stuff, or continue to run my separate program. But, thanks for pointing out that port 1900 stuff. While I have a separate problem, that new improvement to Firefox is the reason.
jupitermoon
join:2011-09-27

jupitermoon

Member

A bug report was filed last December to add an option to disable the SSDP requests. It's not assigned to anyone and there are only 3 comments to the original post.

»bugzilla.mozilla.org/sho ··· =1111967

bcool
Premium Member
join:2000-08-25

1 edit

bcool to redwolfe_98

Premium Member

to redwolfe_98
Windows 7 Windows Firewall immediately presented notification that the UDP/SSDP connections for (in my case a private build) Firefox "Nightly" 36.0 for "local" / "internal" I think I actually read word "Private" network. At any rate, I did not change the rule and so far can't detect any problem running FF private build. FWIW

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to redwolfe_98

Premium Member

to redwolfe_98
It would seem that the new breach is required for the Hello in-browser chat bit that Mozilla have inserted with little adieu but with zero transparency.

Toggling the suggested about:config bit as suggested here - hides Hello but doesn't remove the firewall breach.
(Note this is a community based suggestion and not officially sanctioned by Mozilla)
»support.mozilla.org/en-U ··· /1043588

I've reverted to FF 35.01 as I'd sooner run a less safe browser than one that's pinholed my firewall.

Some of the Moz bugs read as if Moz wanted MS to whitelist the F/W exception.

»bugzilla.mozilla.org/sho ··· =1136772
»bugzilla.mozilla.org/sho ··· =1086278
»bugzilla.mozilla.org/sho ··· =1054959
siljaline

1 recommendation

siljaline to redwolfe_98

Premium Member

to redwolfe_98
If anyone's reverted to FF35.01 - doing a Plugin check will invoke a D/L the newest version.

M_
join:2010-05-01
Vancouver, BC

M_ to redwolfe_98

Member

to redwolfe_98
One Two punch.

bcool
Premium Member
join:2000-08-25

bcool to redwolfe_98

Premium Member

to redwolfe_98
I was actually on a private build 31.x series when I decided yesterday to take the leap to 36.0. Unfortunately for the moment, too many "connectivity issues" which disappeared the instant I reverted to Firefox Nightly 31.5. I might even be ok if I wanted to try 35.01 but just not motivated...

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to redwolfe_98

Premium Member

to redwolfe_98
Surprised that this has not got more traction as Chat | Hello is pinholing your firewall and Mozilla didn't tell us how to turn it off other than - do it yourself assuming you can or know how to.

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

1 edit

Phoenix22 to siljaline

Premium Member

to siljaline
AnOpenLetter2 the MozillaTeam

Subject: FF36.0

folks,

I gotta tell ya in my experience FF Browsers have been just great and i went to great lengths.....starting 6years ago downloading a stripped down FF version and turning it in to a highly technical browsing machine.

However, with the update to FF36........this is where that train has finally, and not unexpectedly, derailed and burned.........I tried multiple refreshes............stripped the registry bare.....2x.....re-installed FF36 2x over 3daze.........and I finally woke up, duh!

Stripped the registry bare again and did the REVERT to FF35.0.1.......copied and pasted my old profile with all the hard work of tried, tested, and true add-ons.......I LIKE...........and voila..........we have lift off.......and Faster than I was B4 your clutter and THOROUGH DESTRUCTION of a great browser.......

I suppose at my age ........a Firefox drill didn't hurt........like goin' 2the range once a month...........but I will say this........ the update to future versions will be scrutinized thoroughly...... I have a very fast and complex system........I don't appreciate having to chase down a browser.........we have a wheel........stop tyrin' to re-invent it!
regards,
jd

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to redwolfe_98

Premium Member

to redwolfe_98

Firefox Infernal Update
As a result of yet another phone-home metrics debacle that Mozilla won't fess up to I've
turned off auto-majic updating or what is more commonly known as internal updating.

As noted elsewhere in this thread, the last version of Firefox that doesn't allow the Hello | Chat bits that pinhole your firewall is Firefox 35.01

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

1 edit

Phoenix22

Premium Member

and i'd recommend revertin' back to FF35.0.1
jupitermoon
join:2011-09-27

1 recommendation

jupitermoon

Member

Normally I don't point out typos, but four different people have referred to the last version as Firefox 35.01. It's actually Firefox 35.0.1. Ok, nuff said, now I'm outta here...

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

Point made

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

Phoenix22 to jupitermoon

Premium Member

to jupitermoon
happy now..........?
point taken and repaired..........dusted the system2

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to redwolfe_98

Premium Member

to redwolfe_98
Firefox 36.0.1 still pinholes the firewall as per my screen capture noted already in this thread
Frodo
join:2006-05-05

Frodo

Member

I still have a port 1900 issue with Firefox. Once it allocates a port 1900, all connectivity from Firefox is lost. It starts accumulating additional port 1900 binds, according to Tcpview.

It's been working fine so long as it can't bind to port 1900. I have a small program that will allocate the port. It just listens for connections on the port - won't do anything if it receives a connection.


With this program tying up the port, Firefox can't bind to the port, and otherwise runs fine. I didn't see anything in their release notes addressing this issue, so I wasn't optimistic about seeing a fix.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

As long as Mozilla is listening or trying to - so long Firefox Browser and looking for another options.

Firefox on endangered species list
jupitermoon
join:2011-09-27

1 edit

1 recommendation

jupitermoon to siljaline

Member

to siljaline
Not going to happen for Firefox 36. There's a tracking flag in bug 1111967 for Firefox 37 with a question mark and one for bug 1136772 for Firefox 36 with a wontfix.

When asked if they would consider adding a pref to disable SSDP in Firefox, Brad Lassey responded:
quote:
No objection to adding a pref, but I don't think this is something we want to turn off by default or require a user to manually scan for. I believe local network device discovery is something we're going to be doing more and more of going forward. That said, its not my call.
Looks like we're going to see more of this type of behavior in future releases...

This has kept me from updating to Firefox 36 yet—even for testing.
Frodo
join:2006-05-05

Frodo

Member

They better add a pref in the ESR versions, otherwise my employer will discard Firefox. There is no way they'll tolerate that kind of traffic on the LAN. (My employer uses the CCK2 application to configure our Firefoxes).

Phoenix22
Death From Above
Premium Member
join:2001-12-11
SOG C&C Nrth

Phoenix22 to siljaline

Premium Member

to siljaline
it would seem we are in a maze at the moment