Mozilla Cracks Down Malicious add-ons That Used by Over 455k Firefox User

Mozilla discovered add-ons that were abusing its proxy API function in early June and blocked them all at a time. And not only that even all these malicious add-ons were installed by more than 455k users.

The proxy API function is utilized to measure how Firefox connects to the internet and all these procedures were done by the add-ons.

EHA

To intercept and redirect web requests, in this event the malicious add-ons (named Bypass and Bypass XM) block the users from doing the following things:-

  • Downloading updates
  • Updating remotely configured content
  • Accessing updated blocklists

While Mozilla’s spokesperson, Rachel Tublitz and Stuart Colville stated:-

“To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users.

Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users.”

So, here, Mozilla has added a system add-on that is hidden, impossible to disable, and updateable to block similar malicious add-ons from abusing the proxy API function of Mozilla:-

  • Proxy Failover

What should I do next?

To keep you on the right track, Mozilla recommends and encourages users to immediately update their Firefox web browsers to the latest release version (Firefox 93) which comes with all the latest security mechanisms.

Moreover, right now there is only one anti-malware solution is available that detects the add-ons as malicious and tags them as “BrowserModifier:JS/BypassPaywall.A,” Microsoft Defender.

However, if you weren’t able to update your web browser to the latest version then you have to follow the following fixes that we have mentioned below:-

  • Search for the problematic add-ons and remove them.
  1. Visit the Troubleshooting Information page.
  2. In the Add-ons section, search for one of the following entries:

Name: Bypass

ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}

Name: Bypass XM

ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}

Please make sure the ID matches exactly as there might be other, unrelated add-ons using those or similar names. If none of those IDs are shown in the list, you are not affected.

If you find a match, follow these instructions to remove the add-on(s).

While in the case of developers to facilitate future inspections use of the proxy API are being asked to start including the code “browser_specific_settings “: {   “gecko”: {     “strict_min_version”: “91.1”   }  } in their add-ons.

Looking for Best WAF Solutions for your web applications environment?? Register for Free WAF webinar & explore the experts thoughts and Choose the Best one.. Very limited seats available.. grab it here at .

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.