Mozilla blocks Firefox add-ons installed over 455,000 times

Mozilla developers blocked two malicious Firefox add-ons, which were installed approximately 455,000 times. It was discovered that they were abusing the proxy API and blocking browser updates.

Organization representatives report that Bypass (ID: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957) and Bypass XM (ID: d61552ef-e2a6-4fb5-bf67-8990f0014957) add-ons used APIs to intercept and redirect requests, thereby blocking downloads updates of remotely configured content and access to updated blacklists.

While Mozilla did not reveal what other malicious activity the add-ons were doing in the background, Bleeping Computer writes that they probably used a reverse proxy to bypass paywalls on various sites.

Also, both add-ons put the Mozilla domain on the paid access lists, which leads to the unintentional blocking of browser updates.

Also in the post, Mozilla emphasizes that, starting with Firefox 91.1, the browser can fall back to direct connections if it makes an important request through a proxy (for example, a request for updates) and the attempt fails.

In addition, Mozilla has now deployed a hidden Proxy Failover system addon in its browser (it cannot be disabled and it updates without restarting). The new add-on is designed to prevent attempts to tamper with the update mechanisms in the current and older versions of Firefox.

Users who have previously installed problematic addons are strongly advised to remove them by going to the add-ons section.

Let me remind you that we also wrote that Firefox bug allowed stealing cookies from Android devices.