Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Mozilla Firefox is a free and open-source web browser that displays online pages using the Gecko rendering engine, which adheres to current and future web standards.
What Happened?
Mozilla disabled malicious Firefox add-ons installed by around 455,000 users, after finding out that they were misusing the proxy API to block Firefox upgrades.
The Bypass and Bypass XM add-ons intercepted and redirected web requests to prevent users from obtaining updates, updating remotely controlled content, or accessing updated blocklists.
To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users.
Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails.
Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users.
To prevent other malicious add-ons from abusing the same API, Mozilla has developed a system add-on called Proxy Failover that is hidden, hard to disable, and updates itself indefinitely.
This new add-on protects current and older Firefox versions from attempts to meddle with updating systems.
While Mozilla didn’t say if the two add-ons were doing anything more dangerous in the background, it seems that they were most likely utilizing a reverse proxy to bypass paywalled sites after examining them.
However, the paywall list in the add-ons included Mozilla’s site, which mistakenly barred browser upgrades.
Were You Affected?
According to Mozilla, the users should update their web browsers to at least the latest release version (Firefox 93).
It is always a good idea to keep Firefox up to date, and if you’re using Windows to make sure Microsoft Defender is running. Together, Firefox 93 and Defender will make sure you’re protected from this issue.
First, check what version of Firefox you are running. Assuming you have not disabled updates specifically, you should be running at minimum the latest release version, which is Firefox 93 as of today (or Firefox ESR 91.2). If you are not running the latest version, and have not disabled updates, you might want to check if you are affected by this issue. First, try updating Firefox. Recent versions of Firefox come with an updated blocklist that automatically disables the malicious add-ons. If that doesn’t work, there are a few ways to fix this:
This problem may affect you if you aren’t using Firefox 93 and haven’t blocked browser updates. To be sure, upgrade Firefox to the most recent version, which includes an updated blocklist that will immediately deactivate these malicious add-ons.
As explained by BleepingComputer, if you’re still having trouble updating Firefox, you may search for and delete the add-ons that are preventing you from doing so by following these steps:
- Visit the Troubleshooting Information page.
- In the Add-ons section, search for one of the following entries:
Name: Bypass
ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}
Name: Bypass XM
ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}
Remember to make sure that the IDs match, as there might exist unrelated add-ons using similar names. If none of those IDs are shown in the list, you are not affected.
If you liked this article, follow us on LinkedIn, Twitter, YouTube, Facebook, and Instagram to keep up to date with everything we post.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
