dstiles - 9:12 pm on Feb 2, 2012 (gmt 0)
Don't think that's a preview UA. Firefox and Safari are quite different, the latter generally having more exploit holes, which is probably why google uses it. :)
Seriously though, web preview uses applewebkit, which firefox does not. Firefox 4 was a very fleeting update which may still be around on an unpatched linux box (see comments in another thread re: firefox versions). The UA itself varies under translate, being the real user's UA.
Since translate is a proxy, I would expect the FWD_FOR and VIA to be valid, the former showing the user's IP.
Checking through this month's security logs, I see most instances of translate have an inclusion in the VIA field of "translate.google.com TWSFE/0.9" (sans quotes). It has a FWD_FOR of the original user's IP. Only one I can find without is via a WebSense proxy, which has probably hidden the initial IP.