Mozilla removes popular Firefox add-ons used by nearly a million people
Mozilla has made changes to Firefox to ensure the browser can call home for updates
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Mozilla’sFirefox browserteam has cracked the whip on maliciousadd-ons, blocking access to them despite their large user base of about 455,000 installations.
Mozilla hasn’t shared what led them to the offering software, but its developers discovered that the malicious add-ons were misusing the proxy API in the popularweb browser, which helps govern how it connects to the internet.
In ablog post, Mozilla’s Rachel Tublitz and Stuart Colville explain that the add-ons misused the proxy API to interfere with the browser’s update functionality, in essence preventing users of the add-ons from downloading updates for the browser, and even prevented them from accessing updated blocklists, and updates to any remotely configured Firefox content.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Click here to start the survey in a new window«
As soon as it discovered the ploy, Mozilla zapped the add-ons, and also paused approvals for any add-ons that relied on the proxy API, in order to prevent them from blocking updates for users, until a fix was available.
Malicious intent
BleepingComputeridentified the offending add-ons as Bypass and Bypass XM, while revealing that they were likely using areverse proxyto bypass paywalled sites.
The fix came shipped with Firefox 91.1, which as per the developers will now fall back to establishing a direct connection to the internet for any important request (such as for an update) in case going through the proxy configuration fails.
Furthermore, the developers note that they’ve also deployed anewsystem add-onnamed “Proxy Failover” that includes additional mitigations, to both current and older Firefox releases.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In the post, the developers urge users to make sure they are using the latest Firefox release, while also suggesting a best practice forweb developerswho want to make use of the proxy API in their add-ons to expedite reviews.
“We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we continue to evolve and improve in order to protect Firefox users,” conclude the duo.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
7 myths about email security everyone should stop believing
Best Usenet client of 2024
Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well
