I very much doubt that this is even anywhere close to the level of xz. If, big IF, this is some kind of backdoor, then whoever made it didn’t put nearly as much effort into hiding it as they did with xz and it would’ve probably been found already.

No, of course not.

I’d never run any service as root unless it’s absolutey necessary.

I’m actually still baffled by this because I have no idea how this could happen.

A friend of mine suggested that Librewolf may have edited my ufw rules, but unless my understanding of how file permisions in Linux work is fundamentally flawed (without me ever running into problems because of it) that shouldn’t be possible. Especially because ufw status still shows the IP as denied.

I’m thinking about filing a bug report to ufw about this.

Then why was netstat showing an active conection to this server at all times?

Seems that way, as I have not given any website permission to send me notifications.

It seems to be a Mozilla server though, which is just hosted by Google. In my book that doesn’t make it much better though.

That seems to have solved it, thank you.

I completely forgot about the Librewolf FAQ.

I still don’t understand how it got through the firewall though.