While downloading the latest version of Firefox for Mac, i took a peek at the source. The names don't look legit but i am not that familiar with how CDNs work.
I hit download multiple times and found these sources, which i got from the "from" portion:
http://mozilla.mirros.aarnet.edu.au
Is this legit?
When I tried downloading from https://www.mozilla.org/en-US/firefox/fx/ I was pointed to http://mirrors.coreix.net once, then http://mozilla.mirror.nexicom.net/, then http://mozilla.c3sl.ufpr.br. Whether this is the way Firefox's download page is supposed to work or not, I do not know myself.
A more appropriate way to resolve this though, would be to ask: "Where can I find official hashes of the Firefox installation files?". This has been asked and answered on Mozilla's support forums.
Start here, and pick the version of Firefox you want. Then, look for and open a file called MD5SUMS or SHA1SUMS (depending on your preference) in that version's sub-directory. Within that file are hashes for all OS- and language-specific versions of the installer for that edition of Firefox. Find the name of your installer, and compare the hash to one that you run yourself (using your tool of choice) on the file that you've downloaded.
Even better, from that starting point, you can just navigate to the folder that contains the installer you need and download it straight from Mozilla instead of a mirror. You should still verify the file hash as described above.
Still, if you're really paranoid about downloading a virus, you may want to consider this:
Does hashing a file from an unsigned website give a false sense of security?
