Mozilla announced that they blocked two malicious add-ons on Firefox that were causing security vulnerabilities by misusing proxy API to obstruct users from getting security updates. The two add-ons that were causing security issues are addressed as “Bypass and Bypass XM”.
Countermeasures to prevent any further security issues
As soon as the security issue was discovered, Mozilla took the initiative and paused the approval of all add-ons that deal with proxy API. By doing so, the team eliminated any new abusers of Proxy API from causing any further damage. This pause gave the team the opportunity to prepare hotfixes and updates to address the proxy API issue and as well as gave the users enough time to download these security updates.
The problematic add-ons were identified as Bypass and Bypass XM. Users who have downloaded them are highly advised to delete these add-ons. The ID’s for these add-ons are (7c3a8b88-4dc9-4487-b7f9-736b5f38b957 and d61552ef-e2a6-4fb5-bf67-8990f0014957) respectively.
Rachel Tulitz and Stuart Colville from the Mozilla engineering team said,
“To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users. Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users.”
If you’re not sure that you are safe from the threats of these malicious add-ons, you can permanently uninstall Firefox and make a clean reinstall. That way, you don’t have any traces left related to the security issue. You should always keep checking the security updates. Also, please make sure that Firefox security updates are enabled and working properly.