Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.

Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating content remotely configured.

According to Mozilla, a total of 455,000 users downloaded and installed the malicious add-ons before the browser maker was able to block the extensions.

Furthermore, the organization paused approvals for add-ons relying on the proxy API to ensure that necessary fixes are available for all users first.

“Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails,” Mozilla explains.

Users are advised to update to a newer version of Firefox as these newer releases feature an updated blocklist to automatically disable the malicious add-ons.

The malicious add-ons — namely Bypass (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and Bypass XM (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}) — can also be disabled and removed manually if the automatic process fails.  

Advertisement. Scroll to continue reading.

Developers of add-ons that require the use of the proxy API should immediately start including a strict_min_version key in the manifest.json files, as this will help expedite add-on reviews.

Related: Firefox 93 Improves Protection Against Tracking, Insecure Downloads

Related: Firefox 91 Brings New Privacy, Security Improvements

Related: Firefox 90 Drops Support for FTP Protocol

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Wendi Whitmore has taken the role of Chief Security Intelligence Officer at Palo Alto Networks.

Phil Venables, former CISO of Google Cloud, has joined Ballistic Ventures as a Venture Partner.

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.