Mozilla's Firefox browser team has cracked the whip on malicious add-ons, blocking access to them despite their large user base of about 455,000 installations.
Mozilla hasn’t shared what led them to the offering software, but its developers discovered that the malicious add-ons were misusing the proxy API in the popular web browser, which helps govern how it connects to the internet.
In a blog post, Mozilla’s Rachel Tublitz and Stuart Colville explain that the add-ons misused the proxy API to interfere with the browser's update functionality, in essence preventing users of the add-ons from downloading updates for the browser, and even prevented them from accessing updated blocklists, and updates to any remotely configured Firefox content.
As soon as it discovered the ploy, Mozilla zapped the add-ons, and also paused approvals for any add-ons that relied on the proxy API, in order to prevent them from blocking updates for users, until a fix was available.
Malicious intent
BleepingComputer identified the offending add-ons as Bypass and Bypass XM, while revealing that they were likely using a reverse proxy to bypass paywalled sites.
The fix came shipped with Firefox 91.1, which as per the developers will now fall back to establishing a direct connection to the internet for any important request (such as for an update) in case going through the proxy configuration fails.
Furthermore, the developers note that they’ve also deployed a new system add-on named “Proxy Failover” that includes additional mitigations, to both current and older Firefox releases.
In the post, the developers urge users to make sure they are using the latest Firefox release, while also suggesting a best practice for web developers who want to make use of the proxy API in their add-ons to expedite reviews.
“We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we continue to evolve and improve in order to protect Firefox users,” conclude the duo.
