Some spammer's have gotten hip to sigs being closed to BB and or HTML. They have gotten sneaky and draw a line that matches the line VB
uses to seperate the body of the post from the sig. They then put their url's in that fake end of the post make you think it's a hot link in the sig.
Sneaky. Very very sneaky. You have to be alert to the format of the post to be sure you don't get slapped with a tainted link.
As for you seeing sigs as hotlinks when they're not, has to be a function turned on in FF. Go back through your set up and I'd bet real money you find something you have turned on that you missed.