Home > Cyber News > Malicious Firefox Extensions Installed by 455,000 Users Blocked Updates

Malicious Firefox Extensions Installed by 455,000 Users Blocked Updates

malicious mozilla add-ons Bypass and Bypass XM
Mozilla blocked two malicious Firefox add-ons installed by nearly half a million users. The extensions abused the Proxy API to obstruct updates to the browser.

Related: The Great Suspender Chrome Extension Contains Malware

Bypass and Bypass XM Extensions Obstruct Browser Updates

How is that possible? Since Proxy API can be utilized to proxy web requests, an abuse of the API could allow a threat actor to control the way Firefox connects to the internet.

The two extensions, called Bypass and Bypass XM, were installed by 455,000 users.

“In early June, we discovered add-ons that were misusing the proxy API, which is used by add-ons to control how Firefox connects to the internet. These add-ons interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content,” said Mozilla security researchers Rachel Tublitz and Stuart Colville.

How did Mozilla address the issue?

To prevent other users from installing the extensions, Mozilla blocked them. Furthermore, to prevent more users from being impacted by new add-on submissions misusing the proxy API, the company paused on approvals for add-ons that used the proxy API until fixes were available for all users.

According to the official announcement, starting with Firefox 91.1, the browser now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. “Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users. We also deployed a system add-on named “Proxy Failover” (ID: proxy-failover@mozilla.com) with additional mitigations that has been shipped to both current and older Firefox versions,” Mozilla added.

The organization used the occasion to remind its users how important it is to keep their browsers up-to-date. If users are not running the latest version, and have not disabled updates, they should check if they are affected by this issue. You can follow the instructions Mozilla provided to make sure you are safe.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree