Mozilla announced that they blocked two malicious add-ons on Firefox that were causing security vulnerabilities by misusing proxy API to obstruct users from getting security updates. The two add-ons that were causing security issues are addressed as “Bypass and Bypass XM”.
Countermeasures to prevent any further security issues
As soon as the security issue was discovered, Mozilla took the initiative and paused the approval of all add-ons that deal with proxy API. By doing so, the team eliminated any new abusers of Proxy API from causing any further damage. This pause gave the team the opportunity to prepare hotfixes and updates to address the proxy API issue and as well as gave the users enough time to download these security updates.
The problematic add-ons were identified as Bypass and Bypass XM. Users who have downloaded them are highly advised to delete these add-ons. The ID’s for these add-ons are (7c3a8b88-4dc9-4487-b7f9-736b5f38b957 and d61552ef-e2a6-4fb5-bf67-8990f0014957) respectively.
Rachel Tulitz and Stuart Colville from the Mozilla engineering team said,
“To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users. Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users.”
If you’re not sure that you are safe from the threats of these malicious add-ons, you can permanently uninstall Firefox and make a clean reinstall. That way, you don’t have any traces left related to the security issue. You should always keep checking the security updates. Also, please make sure that Firefox security updates are enabled and working properly.
FAQ
What is the latest version of Mozilla Firefox?
The latest version of Mozilla Firefox is Firefox 109 and it was released on 17 January 2023.
Is Firefox still used today?
Yes, Firefox is still widely used today. It is a popular web browser that is known for its speed, security, and privacy features. It continues to be a popular choice among users who value privacy and security when browsing the web.
Is Mozilla Firefox a Chinese company?
No, Mozilla Firefox is not a Chinese company. It is a free and open-source web browser developed and maintained by the Mozilla Foundation, a non-profit organization based in the United States.
Is Mozilla Firefox free?
Yes, Mozilla Firefox is a free and open-source web browser. It is available for Windows, macOS, and Linux operating systems and can be downloaded from the official Mozilla website. Firefox is free to use, download, and distribute, and it is supported by a community of developers and users who contribute to its development and maintenance.
What are the system requirements for running Mozilla Firefox?
For Windows
- Windows 7 or later
- Pentium 4 or newer processor that supports SSE2
- 512MB of RAM / 2GB of RAM for the 64-bit version
- 200MB of hard drive space
- macOS 10.12 or later
- Mac computer with an Intel x86 or Apple silicon processor
- 512 MB of RAM
- 200 MB hard drive space
- Firefox will not run at all without the following libraries or packages:
- glibc 2.17 or higher
- GTK+ 3.14 or higher
- libstdc++ 4.8.1 or higher
- X.Org 1.0 or higher (1.7 or higher is recommended)
- For optimal functionality, we recommend the following libraries or packages:
- DBus 1.0 or higher
- GNOME 2.16 or higher
- libxtst 1.2.3 or higher
- NetworkManager 0.7 or higher
- PulseAudio