NewsSecurity & VulnerabilityUpdate

Malicious Firefox extensions prevent the browser from downloading security updates

Mozilla said on Monday that it has removed two malicious Firefox add-ons installed by 455,000 users that were determined to be abusing the Proxy API to prevent browser upgrades from being downloaded.

According to Mozilla’s Rachel Tublitz and Stuart Colville, the two extensions in issue, Bypass and Bypass XM, “interfered with Firefox in a way that prohibited users who had installed them from getting updates, accessing updated blocklists, and updating remotely set content.”

Because the Proxy API may be used to proxy web requests, a misuse of the API might allow a bad actor to essentially control how the Firefox browser connects to the internet.

In addition to restricting the extensions to prevent other users from installing them, Mozilla said it is halting approvals for new add-ons that utilise the proxy API until the solutions are widely available. Furthermore, the California-based non-profit stated that it had introduced a system add-on called “Proxy Failover” that comes with additional mitigations to solve the problem.

Users who have installed the dangerous add-ons are strongly urged to uninstall them by going to the Add-ons section and searching for “Bypass” (ID: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957) or “Bypass XM” (ID: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957) (ID: d61552ef-e2a6-4fb5-bf67-8990f0014957).

Developers of add-ons that rely on the proxy API must also begin include a “strict min version” value in their manifest.json files aimed to Firefox browser versions 91.1 and above

Sunaina

A tech enthusiast, with a mission to report data breaches, fraudulent practices, dark pattern practices, and updates. She is also frequently fascinated by fintech and unicorns.
Back to top button
Close
Close