Firefox blocks malicious add-ons installed by half a million users

What just happened? Mozilla’s security blog announced this week that it discovered some add-ons were acting maliciously and that it decided to block them. The company estimates some 455,000 users might be affected. The security blog mentions two specific add-ons without detailing what they do.

On Monday, Mozilla said it discovered last June that some Firefox extensions were misusing its proxy API. It says the misuse prevented nearly half a million users who installed these add-ons from downloading updates, accessing updated blocklists, and updating remotely-configured content.

Mozilla has not only blocked further Firefox users from installing these add-ons, but has also paused approvals for extensions that use the proxy API. Starting with version 91.1, Firefox also makes important requests, such as downloading updates, over a direct connection whenever a proxy connection fails. Mozilla also released a system add-on called “Proxy Failover” (ID: proxy-failover@mozilla.com) to mitigate this problem further.

In its instructions for checking for and removing the add-ons, Firefox names two add-ons called “Bypass” and “Bypass XM” but does not detail what the extensions do. A Malwarebytes Labs security blog notes that the creators advertised the add-ons as ways to bypass paywall restrictions on websites.

Mozilla says that Firefox users who want to check whether those add-ons are installed on their browsers should click on the menu button and go to Help > More Troubleshooting Information, then scroll down to “Add-ons.” In that section, search for the names “Bypass” (ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}) and “Bypass XM” (ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}). If you find those add-ons in the list, you should disable or remove them from the “Add-ons and themes” section of the Firefox menu.
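For administrators who need to run the same check across many machines, the following is an added example, not code from Mozilla or the original article. It assumes each Firefox profile directory holds an extensions.json file with a top-level "addons" list whose entries carry "id", "version" and "active" fields; the function names and the sample record are hypothetical.

```python
import json
from pathlib import Path

# Add-on IDs named in the article; the sample data further down is constructed.
BLOCKED_IDS = {
    "{7c3a8b88-4dc9-4487-b7f9-736b5f38b957}": "Bypass",
    "{d61552ef-e2a6-4fb5-bf67-8990f0014957}": "Bypass XM",
}
FAILOVER_ID = "proxy-failover@mozilla.com"


def audit_extensions(data):
    """Return (findings, failover_present) for one parsed extensions.json."""
    findings, failover = [], False
    for addon in data.get("addons", []):
        addon_id = str(addon.get("id", "")).lower()  # IDs compared case-insensitively
        if addon_id == FAILOVER_ID:
            failover = True
        if addon_id in BLOCKED_IDS:
            findings.append({
                "id": addon_id,
                "name": BLOCKED_IDS[addon_id],
                "version": addon.get("version"),
                "active": bool(addon.get("active", False)),  # False: installed but disabled
            })
    return findings, failover


def audit_profiles(profiles_root):
    """Scan every profile directory under profiles_root (path supplied by the caller)."""
    report = {}
    for path in sorted(Path(profiles_root).glob("*/extensions.json")):
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError) as exc:
            report[path.parent.name] = {"error": str(exc)}  # unreadable profile is reported, not skipped
            continue
        findings, failover = audit_extensions(data)
        report[path.parent.name] = {"blocked": findings, "failover": failover}
    return report


# Constructed sample record, not taken from a real profile.
SAMPLE = {"addons": [
    {"id": "{7C3A8B88-4dc9-4487-b7f9-736b5f38b957}", "version": "1.0", "active": True},
    {"id": "proxy-failover@mozilla.com", "version": "1.0.1", "active": True},
    {"id": "example@constructed.invalid", "version": "2.3", "active": True},
]}
```

A profile that lists either ID should have the add-on disabled or removed as described above; a profile reported with an error needs a manual check through the Troubleshooting Information page.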
