Application Security

Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

Mozilla says it has blocked a series of malicious Firefox add-ons that misused the proxy API, the WebExtension interface add-ons use to route web requests through a proxy.

The API lets an add-on control how the browser connects to the Internet (for example, by deciding for each request whether it goes direct or through a proxy), and some extensions were found to abuse this capability.

Specifically, the offending add-ons used the API in a way that also sent the browser's own important requests through a proxy configuration that failed, preventing users from fetching updated blocklists, downloading browser updates, and refreshing remotely configured content.

According to Mozilla, a total of 455,000 users downloaded and installed the malicious add-ons before the browser maker was able to block the extensions.

Furthermore, the organization paused approvals for add-ons relying on the proxy API to ensure that necessary fixes are available for all users first.

“Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails,” Mozilla explains.

Users are advised to update to the latest version of Firefox, as newer releases ship with an updated blocklist that automatically disables the malicious add-ons.

The malicious add-ons, namely Bypass (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and Bypass XM (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}), can also be disabled and removed manually from the add-ons manager (about:addons) if the automatic process fails.

Developers of add-ons that use the proxy API should start including a strict_min_version key in their manifest.json files (under browser_specific_settings.gecko), set to 91.1 or later so the add-on only installs on builds that have the direct-connection fallback, as this will help expedite add-on reviews.
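As an added illustration (this is not Mozilla's code and not the code of the blocked add-ons), the block below shows the shape of a proxy-API add-on that keeps the browser's own update and blocklist traffic on a direct connection instead of forcing it through the extension's proxy, together with the manifest key Mozilla asks proxy-API add-ons to declare and a small check for it. The Mozilla host suffixes, the upstream proxy `proxy.example.net`, and the add-on ID are assumptions chosen for the example, not an official list.

```javascript
// Added example: a proxy-API add-on that never proxies the browser's own
// infrastructure traffic. Host suffixes and the upstream proxy are assumptions.

const DIRECT_HOST_SUFFIXES = ["mozilla.org", "mozilla.com", "mozilla.net", "firefox.com"];

// Hypothetical upstream proxy used for ordinary traffic.
const UPSTREAM_PROXY = { type: "https", host: "proxy.example.net", port: 443 };

// Decide how a request is routed. Returns a ProxyInfo-shaped object, which is
// what a browser.proxy.onRequest listener hands back to Firefox.
function chooseProxy(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch (e) {
    // Unparseable URL: go direct rather than into a proxy that may fail.
    return { type: "direct" };
  }
  const isBrowserInfra = DIRECT_HOST_SUFFIXES.some(
    (s) => host === s || host.endsWith("." + s)
  );
  // Updates, blocklists and remote settings must never depend on our proxy.
  if (isBrowserInfra) {
    return { type: "direct" };
  }
  return { ...UPSTREAM_PROXY };
}

// Register the listener only when running inside Firefox; needs the "proxy"
// permission in manifest.json.
if (typeof browser !== "undefined" && browser.proxy && browser.proxy.onRequest) {
  browser.proxy.onRequest.addListener(
    (details) => chooseProxy(details.url),
    { urls: ["<all_urls>"] }
  );
}

// Manifest with strict_min_version set to 91.1, the first release that falls
// back to a direct connection when an important proxied request fails.
const MANIFEST = {
  manifest_version: 2,
  name: "example-proxy-addon",
  version: "1.0",
  permissions: ["proxy", "<all_urls>"],
  background: { scripts: ["background.js"] },
  browser_specific_settings: {
    gecko: {
      id: "example-proxy-addon@example.com", // assumed ID
      strict_min_version: "91.1",
    },
  },
};

// Review check: does the manifest require at least the given Firefox version?
function manifestMeetsMinimum(manifest, minimum = "91.1") {
  const v = manifest?.browser_specific_settings?.gecko?.strict_min_version;
  if (typeof v !== "string") return false;
  const parse = (s) => s.split(".").map((p) => parseInt(p, 10) || 0);
  const have = parse(v);
  const want = parse(minimum);
  for (let i = 0; i < Math.max(have.length, want.length); i++) {
    const x = have[i] || 0;
    const y = want[i] || 0;
    if (x !== y) return x > y;
  }
  return true;
}
```

Run `chooseProxy("https://aus5.mozilla.org/...")` and it returns `{ type: "direct" }`, while an ordinary site returns the upstream proxy; `manifestMeetsMinimum(MANIFEST)` is the check a reviewer can run over a manifest before accepting a proxy-API add-on.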

Related: Firefox 93 Improves Protection Against Tracking, Insecure Downloads

Related: Firefox 91 Brings New Privacy, Security Improvements

Related: Firefox 90 Drops Support for FTP Protocol

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
