Firefox Blocks Malicious Add-Ons
Mozilla blocked add-ons that were abusing the proxy API in order to prevent over 400,000 users from updating their browsers. The Firefox add-ons were leveraging an API that controls how Firefox connects to the internet. Mozilla's development team members Rachel Tublitz and Stuart Colville discovered the malicious add-ons in early June. The Firefox team named them Bypass and Bypass XM.
Add-ons are software that can be added to Firefox or other apps to customize the browser by doing things like preventing tracking, blocking ads, or translating content. Add-ns can also install malware, like the 28 add-ons for Facebook, Vimeo, Instagram and others that researchers found in commonly used browsers from Google and Microsoft. The add-ons were stealing sensitive data, had the ability to enable further malware downloads, and were redirecting users to phishing sites and ads.
For developers waiting on approvals for new add-ons that use the proxy API, Mozilla is accepting new submissions, as outlined in its blog post. The post also recommends settings to Firefox add-on developers to help expedite review for add-ons. Mozilla is asking all developers of add-ons that require the use of the proxy API to start including a strict_min_version key in their manifest.json files targeting 91.1 or above.
Mozilla also made a change to how important requests such as update requests get handled by the browser. Starting with Firefox 91.1, if an important request is made via a proxy configuration that fails, Firefox will resort to direct connections instead. In addition, Mozilla has deployed a system add-on named Proxy Failover to block similar malicious add-ons. System add-ons are hidden, impossible to disable, and can be updated without the need to restart. Proxy Failover has been shipped to both current and older Firefox versions.
Make sure you're running on the latest version, Firefox 93 or Firefox ESR 91.2. If you're using Firefox in Windows, make sure that Microsoft Defender is running, Firefox 93 and Defender will make sure you're protected from this issue. Those who aren't running the latest version should check if they're affected by the malicious add-ons. The first step is to try to update Firefox, recent versions come with an updated blocklist that automatically disables the malicious add-ons.