Mozilla removes popular Firefox add-ons used by nearly a million people

cybersecurity
(Image credit: Shutterstock)

Mozilla's Firefox browser team has cracked the whip on malicious add-ons, blocking access to them despite their large user base of about 455,000 installations. 

Mozilla hasn’t shared what led them to the offering software, but its developers discovered that the malicious add-ons were misusing the proxy API in the popular web browser, which helps govern how it connects to the internet. 

In a blog post, Mozilla’s Rachel Tublitz and Stuart Colville explain that the add-ons misused the proxy API to interfere with the browser's update functionality, in essence preventing users of the add-ons from downloading updates for the browser, and even prevented them from accessing updated blocklists, and updates to any remotely configured Firefox content.  

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

As soon as it discovered the ploy, Mozilla zapped the add-ons, and also paused approvals for any add-ons that relied on the proxy API, in order to prevent them from blocking updates for users, until a fix was available.

Malicious intent

BleepingComputer identified the offending add-ons as Bypass and Bypass XM, while revealing that they were likely using a reverse proxy to bypass paywalled sites.

The fix came shipped with Firefox 91.1, which as per the developers will now fall back to establishing a direct connection to the internet for any important request (such as for an update) in case going through the proxy configuration fails.

Furthermore, the developers note that they’ve also deployed a new system add-on named “Proxy Failover” that includes additional mitigations, to both current and older Firefox releases. 

In the post, the developers urge users to make sure they are using the latest Firefox release, while also suggesting a best practice for web developers who want to make use of the proxy API in their add-ons to expedite reviews.  

“We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we continue to evolve and improve in order to protect Firefox users,” conclude the duo.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.