如何进一步确定恶意Firefox(上传)进程在做什么

配置和发布

我有2011年末的MBP,运行Mac OS X 10.7.5、2.3 GHz Intel Core i5、16GB 1600 MHz DDR3。

我刚刚将firefox 20更新为25,v 20也出现了此问题。

当我上传文件或仅进行常规浏览时,有时我会遇到一些firefox进程,这些进程开始占用CPU周期,因此,我的粉丝开始旋转起来。

如果我退出Firefox,进程将保持活动状态。

到目前为止,这是我所做的:

ps aux | grep Firefox

macbook-pro:~ <my user>$ ps aux|grep firefox
<my user>  29061  84.7  0.0  3699392    304   ??  R     7:10am  22:13.43 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_7837561
<my user>  29063  84.0  0.0  3701448    304   ??  R     7:10am  22:11.08 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_7837561
<my user>  29060  83.9  0.0  3698344    304   ??  R     7:10am  22:10.60 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_7837561
<my user>  29068  83.4  0.0  3701448    304   ??  R     7:10am  22:10.83 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_7837561
<my user>  29161   0.6  0.0  2434892    548 s002  S+    7:39am   0:00.00 grep firefox

top -o cpu

Processes: 119 total, 6 running, 2 stuck, 111 sleeping, 496 threads                                                                                                 08:06:00
Load Avg: 4.37, 4.38, 4.30  CPU usage: 61.74% user, 36.1% sys, 2.23% idle   SharedLibs: 1944K resident, 0B data, 0B linkedit.
MemRegions: 34474 total, 1609M resident, 56M private, 1254M shared. PhysMem: 1943M wired, 3222M active, 1978M inactive, 7143M used, 9239M free.
VM: 316G vsize, 1092M framework vsize, 6367238(0) pageins, 189344(0) pageouts. Networks: packets: 19241649/15G in, 16860749/7587M out.
Disks: 2829594/65G read, 2171245/68G written.

PID    COMMAND      %CPU      TIME     #TH  #WQ  #POR #MREG RPRVT  RSHRD  RSIZE  VPRVT  VSIZE  PGRP  PPID  STATE    UID  FAULTS    COW     MSGSENT     MSGRECV     SYSBSD
29063  firefox      82.2      44:11.02 1/1  0    9    2677  9724K  397M   304K   11M    3615M  28962 1     running  503  85        20      16          8           3
29061  firefox      82.2      44:15.85 1/1  0    9    2675  9252K  397M   304K   10M    3613M  28962 1     running  503  85        36      16          8           3
29068  firefox      81.9      44:10.64 1/1  0    9    2677  11M    397M   304K   13M    3615M  28962 1     running  503  85        17      16          8           3
29060  firefox      81.7      44:09.96 1/1  0    9    2671  9820K  397M   304K   10M    3612M  28962 1     running  503  85        35      16          8           3
29089  top          10.7      05:43.93 1/1  0    49   32    2476K  216K   3180K  18M    2378M  29089 29083 running  0    2238348+  84      227566032+  113774272+  1011116+

我还打开了所有相关过程。没有正在访问的文件。

例如,以下内容什么都不显示:

bash-3.2# opensnoop -p 29063
  UID    PID COMM          FD PATH 

dmesg中没有任何相关性。

bash-3.2#cat /var/log/system.log|grep火产生:

Nov  7 06:23:10 ff-macbook-pro [0x0-0x779779].org.mozilla.firefox[28962]: FoxyProxy settingsDir: /Users/michaelpeters/Library/Application Support/Firefox/Profiles/w5sjmxcx.default/foxyproxy.xml
Nov  7 07:11:10 ff-macbook-pro firefox[28962]: timed out waiting for helper registration
Nov  7 07:11:35 ff-macbook-pro firefox[28962]: invalid context
Nov  7 07:12:32 ff-macbook-pro firefox[28962]: invalid context
Nov  7 07:37:13 ff-macbook-pro firefox[28962]: invalid context
Nov  7 07:37:25 ff-macbook-pro [0x0-0x779779].org.mozilla.firefox[28962]: NOTE: child process received `Goodbye', closing down

In the past I have just cleaned up the processes with kill -s 9 but it would be nice to know what is going on.

我可以采取哪些下一步措施来帮助我理解这种行为?如果它看起来像一个错误,我很乐意提交给mozilla社区。

更新:

我已经尝试过安全模式,但该行为仍然存在,但是绝对是上载过程: 当我将文件上传到网站时,firefox会生成以下过程,每个文件一个:

   5134  92.5  0.0  3829668    308   ??  R     6:31pm   6:53.37 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_135201
   5130  91.7  0.0  3826524    308   ??  R     6:31pm   6:53.18 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_135201
   5135  89.8  0.0  3831244    308   ??  R     6:31pm   6:52.96 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_135201

如果我关闭firefox,则进程从-psn变为-foreground,如下所示,新的firefox会话几乎完全不使用cpu周期。

ps aux | grep火

   5191  99.9  0.0  3516256    292   ??  R     6:41pm   8:03.21 /Applications/Firefox.app/Contents/MacOS/firefox -foreground
   5184  99.9  0.0  3501868    292   ??  R     6:41pm   8:03.11 /Applications/Firefox.app/Contents/MacOS/firefox -foreground
   5234   0.3  0.8  3466336 138620   ??  S     6:49pm   0:02.43 /Applications/Firefox.app/Contents/MacOS/firefox -psn_0_897243