1/3/10

System is Compromised

I use an old web browser, Galeon. Turns out it is compromised; at least, it might be? Sometimes I run netstat. When starting up, the browser connects to various machines; it seems someone is tunneling to my machine. Except for leaking information, of a maybe hopefully expensive compiler, and connecting to machines I might not like, I don't think a lot has happened.

It's a Unix machine, so people can do 'everything' on my machine remotely, so that's usually pretty bad. It happened before. Ten years ago, when I had a server with a broadband connection, scripted hacking attempts averaged about 3-10 times a day, since outside hackers can only see it's a Unix machine and subsequently assume it's a company server, since they can hardly differentiate. But I never had anything worthwhile on my machine, so, then it was a whatever.

See if there's a rootkit installed. There don't seem to be extra files.

It's either in the Mozilla package or the JavaScript engine. It's pretty much confirmed: even when loading a trivial file, after a while, tcpdump shows that HTTP connections are opened to a series of machines and there's a lot of information going over them continuously.

It's always pretty bad under Linux; only a complete reinstall fixes it, and I don't feel like it.

Guess I'll second check. It might just be Mozilla pinging home.