I have historically been lax about disabling the plugins that come with browser installations, even though I know they are exploit targets. My brand new FreeBSD 8.2 installation was one that I soon embellished with Firefox 7 and (of course) the PF firewall. Well, the default plugins for Firefox seem innocuous enough (The DivXA, Quicktime, VLC Multimedia, and the Win Media Player compatible plugin). Firefox 7 has the new (very nice) capability to run plugins in separate processes. This capability is what alerted me to the deluge of connections being made out of the browser via the plugins (browser out-flow traffic goes through my pf rule-set, of course). Occasionally, the plugin-container processes in the connection list were double or triple the base process connections. I was visiting sites that (I think) were not providing content for the listed plugins (Google, FreeBSD.org, NPR.org, etc.) I should note that I was doing this in a WIFI cafe (hacker heaven). Does Firefox have some hidden plugin, was I being hacked, or do these plugins handle mime types that I don't know about? I disabled all of the plugins in Tools:Addons, set ipc_plugins_enabled to false, along with various other plugin related switches in about:config. Now I never see the plugin container as a connection, and my content still displays fine. Am I unduly alarmed?