HQ/EMEAFind out how we can help your business
Recent reports reveal that Mozilla has blocked malicious Firefox add-ons that about 455,000 users have installed on their browsers. A discovery was shown in June this year that users are exploiting the proxy API add-ons to block the patches released by Firefox.
The add-ons, Bypass and Bypass XM, use the API to interrupt and redirect web requests into blocking users from installing Firefox patch updates, updating configured contents, and accessing blocklists.
Mozilla’s spokesperson said they had paused the approvals for add-ons using proxy API to prevent more users from being affected by the exploitation of proxy APIs.
The approvals will continue once a fix has become available for all its users.
Furthermore, Firefox 91.1 and its future updates will include a retreat to direct connections whenever Firefox makes important requests, such as updates, through a proxy configuration that fails. They must complete the requests to help them deliver protection among users and give them the latest significant updates.
Mozilla has also added a hidden system add-on that users will not be able to disable and update unceasingly, aiming to block the same malicious add-ons that exploit the same API. The add-on is called the Proxy Failover, and it prevents interference attempts with its updated mechanisms in all Firefox versions.
Even though Mozilla did not share if the two add-ons could execute malicious activities in the background, security analysts discovered that these add-ons are using a reverse proxy to circumvent paywalled websites. On the other hand, the add-ons also have Mozilla’s domain in its paywall list, unintentionally blocking its browser updates.
Security analysts have reached out to a Mozilla spokesperson to probe the situation, to no avail.
Users are highly advised to update their web browsers to the latest patch version that has been released, which is Firefox93. Through the update, they will ensure their protection against add-ons exploiting the proxy API. Furthermore, Mozilla also tells users to have their Microsoft Defender always running because it is the only anti-malware solution that can detect malicious add-ons that tags them as BrowserModifier:JS/BypassPaywall.A.
