Bypass and Bypass XM Extensions Obstruct Browser Updates
How is that possible? The proxy API lets an add-on proxy web requests, so abuse of the API could allow a threat actor to control how Firefox connects to the internet.
The two extensions, called Bypass and Bypass XM, were installed by 455,000 users.
“In early June, we discovered add-ons that were misusing the proxy API, which is used by add-ons to control how Firefox connects to the internet. These add-ons interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content,” said Mozilla security researchers Rachel Tublitz and Stuart Colville.
How did Mozilla address the issue?
To prevent other users from installing the extensions, Mozilla blocked them. Furthermore, to prevent more users from being affected by new add-on submissions misusing the proxy API, the company paused approvals for add-ons that used the proxy API until fixes were available for all users.
According to the official announcement, starting with Firefox 91.1, the browser now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. “Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users. We also deployed a system add-on named “Proxy Failover” (ID: email@example.com) with additional mitigations that has been shipped to both current and older Firefox versions,” Mozilla added.
The organization used the occasion to remind its users how important it is to keep their browsers up-to-date. If users are not running the latest version, and have not disabled updates, they should check if they are affected by this issue. You can follow the instructions Mozilla provided to make sure you are safe.
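For readers who want to see which installed add-ons can use the proxy API at all, the following added example (not Mozilla's code or instructions) lists add-ons that request the WebExtension `proxy` permission from a profile's `extensions.json`. The JSON field names reflect that file's layout as assumed here, and the sample data and add-on IDs are constructed.

```python
import json

# Constructed sample in the layout of a Firefox profile's extensions.json.
# Field names (addons, userPermissions, optionalPermissions, defaultLocale,
# active, location) are assumptions about that file; the IDs are made up.
SAMPLE = json.loads("""
{"addons": [
  {"id": "proxy-switcher@constructed.invalid", "active": true,
   "location": "app-profile", "defaultLocale": {"name": "Sample Proxy Switcher"},
   "userPermissions": {"permissions": ["proxy", "storage"], "origins": ["<all_urls>"]}},
  {"id": "notes@constructed.invalid", "active": true,
   "location": "app-profile", "defaultLocale": {"name": "Sample Notes"},
   "userPermissions": {"permissions": ["storage"], "origins": []}},
  {"id": "optional-proxy@constructed.invalid", "active": false,
   "location": "app-profile", "defaultLocale": {"name": "Sample VPN"},
   "userPermissions": null,
   "optionalPermissions": {"permissions": ["proxy"], "origins": []}}
]}
""")


def _perms(addon, key):
    """Return the permission list under `key`, tolerating null or missing."""
    return (addon.get(key) or {}).get("permissions") or []


def proxy_addons(data):
    """List add-ons that request the WebExtension "proxy" permission."""
    findings = []
    for addon in data.get("addons", []):
        required = "proxy" in _perms(addon, "userPermissions")
        optional = "proxy" in _perms(addon, "optionalPermissions")
        if not (required or optional):
            continue
        findings.append({
            "id": addon.get("id"),
            "name": (addon.get("defaultLocale") or {}).get("name", "?"),
            "active": bool(addon.get("active")),
            "location": addon.get("location"),
            "grant": "required" if required else "optional",
        })
    # Active add-ons first: those can currently influence connections.
    return sorted(findings, key=lambda f: not f["active"])


if __name__ == "__main__":
    for f in proxy_addons(SAMPLE):
        print(f"{f['id']:38} {f['name']:22} active={f['active']} {f['grant']}")
```

To audit a real profile, pass the parsed contents of that profile's `extensions.json` to `proxy_addons` in place of `SAMPLE`; a hit only means the add-on can use the proxy API, not that it misuses it.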