Web browsers make two types of connections. First connections initiated by the user of the browser, for instance when an url is entered into the address bar of the browser or when a link is clicked on, and then automatic connections for a variety of reasons.
Some power browser updates, other may retrieve certificates or verify if a page is malicious or not. While some browsers give you some control, it is Firefox that gives you more control over this automated behavior than any other popular web browser.
Mozilla has created a support page that lists all the connections that Firefox make without explicit permission of the user. As you can see, quite a few are listed there.
While some are enabled after user activity, for instance adding live bookmarks to the browser, others are enabled by default. This guide looks at the latter kind, explains what their use is, and how you can disable them if you do not require them.
The list is not sorted by severity or risks.
One core feature of Firefox is the update checking. The browser checks for core, theme and extension updates regularly and will either download and install those updates automatically, or prompt you instead.
Note: it is generally not suggested to disable the check for updates as security issues will get fixed regularly by browser updates.
For add-ons and themes do the following instead:
You can use about:config to make those changes as well:
The following requests are all made to power various security related features of Firefox.
Safebrowsing: Firefox downloads a Safebrowsing list regularly (it is not clear how often, I have seen values ranging from 30 minutes to once a day) and stores it locally. It will then compare any url you visit with the items on the list, and if it finds a match, connect Google to find out if the url is still on the blacklist or if it has been removed from it.
Phishing: This works in pretty much the same way as safebrowsing. Firefox downloads a phishing protection list regularly while it is running and uses it to determine if websites that you visit are marked as phishing sites. If the site is a hit, Firefox will check online to see if the site is still marked as a phishing site or not.
This means that there are two types of connections made. The first checks for updates and downloads them if available, the second checks a site you are about to visit online against the most recent database.
Mozilla notes that existing Google cookies may be sent in the second case.
To disable both features do the following:
You can disable the options on Firefox's about:config page as well.
This can be useful if you are using a different application, a local security software for example or another browser extension, as protection.
Firefox checks downloads against a local list and classifies them as safe or malware. If it cannot identify a file using the local list, it queries Google's Safe Browsing service by sending metadata to get a verdict on the download.
You may disable this feature on the about:config page by setting browser.safebrowsing.appRepURL to a blank value.
Extension blocklist: Mozilla maintains a blocklist that lists malicious extensions as well as extensions that cause issues in the browser, for instance by consuming a lot of memory or causing stability issues.
If you disable the check, blocked extensions may be run in Firefox which may put your system at risk.
To disable it, you need to use about:config which is explained below.
Firefox makes automated connections to display suggestions in the browser.
Add-on suggestions: Whenever you open the add-ons manager, Firefox will retrieve a list of suggested add-ons.
Search suggestions: Firefox may display suggestions based on what you enter into the search bar. It uses the browser search engine for that which is Google by default.
A list of connections that Firefox makes that don't fall into any of the other categories.
Link prefetching: Websites can provide Firefox with hints as to which page is likely the be accessed next so that it is downloaded right away even if you don't request that link.
DNS Prefetching: Firefox will perform domain name resolutions on links automatically. If you don't want that to happen, do the following:
Seer: Seer is a component of Necko Predictive Network Actions. It keeps track of components that were loaded during the visit of a page on the Internet so that the browser knows next time which resources to request from the web server.
Speculative Pre-connections: When you hover over links, connections are established to linked domains and servers automatically to speed up the loading process should you click on the link.
Add-on metadata updating: Firefox displays information about each add-on that you have installed in the browser. You can click on the more link for instance in the add-on manager to display the author's description. This feature checks for updates to those information.
Firefox Health report and Telemetry data: Firefox may share information with Mozilla about the browser's performance, usage or customizations.
Crash Reporter: Whenever Firefox crashes, reports are send to Mozilla if the Crash Reporter is enabled. To check if it is, go to the data choices page again:
Mozilla Snippets: If you use the default homepage about:home, so-called snippets are displayed that show Mozilla related content. These snippets are updated once a day:
What's New Page: This page highlights new features of the browser after updates and gets loaded automatically from Mozilla.
WebRTC: Web Real-Time Communication is used by Firefox Hello and other extensions and web services. It can leak the local IP address even when it is not used actively.
Send Video to Device: Firefox sends Simple Service Discovery Protocol packages to discover casting devices such as Chromecast or Roku automatically to the local network.