The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API, which extensions use to proxy web requests.
The API allows add-ons to control the manner in which the browser connects to the Internet, and some extensions were found to abuse this.
Specifically, the manner in which the offending add-ons interacted with the API prevented users from accessing updated blocklists, from downloading updates, and from updating remotely configured content.
According to Mozilla, a total of 455,000 users downloaded and installed the malicious add-ons before the browser maker was able to block the extensions.
Furthermore, the organization paused approvals for add-ons relying on the proxy API to ensure that necessary fixes are available for all users first.
“Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails,” Mozilla explains.
Users are advised to update to a newer version of Firefox as these newer releases feature an updated blocklist to automatically disable the malicious add-ons.
The malicious add-ons — namely Bypass (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and Bypass XM (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}) — can also be disabled and removed manually if the automatic process fails.
Developers of add-ons that require the use of the proxy API should immediately start including a strict_min_version key in the manifest.json files, as this will help expedite add-on reviews.
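The manifest guidance above can be checked before submission. The following is an added example, not code from Mozilla or from the original article: it flags manifests that request the `proxy` permission without a `strict_min_version`. The function names and the 91.1 floor are assumptions; the article names 91.1 as the release with the fallback but does not state the value reviewers expect.

```javascript
// Added example: lint a WebExtension manifest for the proxy-API guidance.
// ASSUMPTION: 91.1 is used as the floor because the article names it as the
// release that introduced the direct-connection fallback.
const ASSUMED_FLOOR = "91.1";

// Compare dotted version strings numerically ("91.10" > "91.2").
// Simplification: suffixes such as "a1" or "b3" are dropped by parseInt.
function compareVersions(a, b) {
  const pa = String(a).split(".").map((p) => parseInt(p, 10) || 0);
  const pb = String(b).split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function checkProxyManifest(manifest, floor = ASSUMED_FLOOR) {
  const perms = manifest.permissions || [];
  if (!perms.includes("proxy")) {
    return { usesProxy: false, ok: true, reason: "proxy permission not requested" };
  }
  // browser_specific_settings is the current key; applications is the legacy one.
  const gecko =
    (manifest.browser_specific_settings || manifest.applications || {}).gecko || {};
  const min = gecko.strict_min_version;
  if (!min) {
    return { usesProxy: true, ok: false, reason: "strict_min_version missing" };
  }
  if (compareVersions(min, floor) < 0) {
    return { usesProxy: true, ok: false, reason: `strict_min_version ${min} is below ${floor}` };
  }
  return { usesProxy: true, ok: true, reason: `strict_min_version ${min}` };
}

// Constructed sample manifests (not real add-ons).
const samples = {
  missing: { manifest_version: 2, name: "a", version: "1.0", permissions: ["proxy", "<all_urls>"] },
  tooOld: { manifest_version: 2, name: "b", version: "1.0", permissions: ["proxy"],
    browser_specific_settings: { gecko: { strict_min_version: "78.0" } } },
  good: { manifest_version: 2, name: "c", version: "1.0", permissions: ["proxy"],
    browser_specific_settings: { gecko: { strict_min_version: "91.1" } } },
};
for (const [name, m] of Object.entries(samples)) {
  console.log(name, checkProxyManifest(m));
}
```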
