Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.

The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.

Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating content remotely configured.

According to Mozilla, a total of 455,000 users downloaded and installed the malicious add-ons before the browser maker was able to block the extensions.

Furthermore, the organization paused approvals for add-ons relying on the proxy API to ensure that necessary fixes are available for all users first.

“Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails,” Mozilla explains.

Users are advised to update to a newer version of Firefox as these newer releases feature an updated blocklist to automatically disable the malicious add-ons.

The malicious add-ons — namely Bypass (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and Bypass XM (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}) — can also be disabled and removed manually if the automatic process fails.  

Developers of add-ons that require the use of the proxy API should immediately start including a strict_min_version key in the manifest.json files, as this will help expedite add-on reviews.

Related: Firefox 93 Improves Protection Against Tracking, Insecure Downloads

Related: Firefox 91 Brings New Privacy, Security Improvements

Related: Firefox 90 Drops Support for FTP Protocol

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Nation-State

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.