Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.

Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating content remotely configured.

According to Mozilla, a total of 455,000 users downloaded and installed the malicious add-ons before the browser maker was able to block the extensions.

Furthermore, the organization paused approvals for add-ons relying on the proxy API to ensure that necessary fixes are available for all users first.

“Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails,” Mozilla explains.

Users are advised to update to a newer version of Firefox as these newer releases feature an updated blocklist to automatically disable the malicious add-ons.

The malicious add-ons — namely Bypass (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and Bypass XM (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}) — can also be disabled and removed manually if the automatic process fails.  

Developers of add-ons that require the use of the proxy API should immediately start including a strict_min_version key in the manifest.json files, as this will help expedite add-on reviews.

Related: Firefox 93 Improves Protection Against Tracking, Insecure Downloads

Related: Firefox 91 Brings New Privacy, Security Improvements

Related: Firefox 90 Drops Support for FTP Protocol