Mozilla Firefox Blocks Malicious Add-ons Used by 455K users

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Mozilla Firefox Blocks Malicious Add-ons Used by 455K users

Mozilla Firefox’s development team has blocked several malicious add-ons that are installed by about 455,000 users.

The development team said that back in June, the team discovered that some of the malicious add-ons were exploiting the Proxy API to block Firefox updates.

Now, these malicious add-ons have been blocked by the development team.

The Proxy API was being used by the add-ons named Bypass, and Bypass XM to initially intercept the request and then redirect those web requests.

The redirection is done so as to block the users from downloading any updates, updating the remotely configured content, and lastly restricting access to updated blocklists.

Mozilla’s Rachel Tublitz and Stuart Colville said that the approvals for new add-on submissions that use the Proxy API are halted until a fix for the same is released for users.

The approvals will be halted for the time being so as to avoid any more of the users getting affected by the new add-ons that abuse the proxy API.

Meanwhile, Mozilla will incorporate changes to harden the update process starting Firefox 91.1 version. A fallback mechanism to direct connections for the update purposes, as well as the other important requests initiated by the browser, has been deployed.

This means that the downloads will always take place no matter if the proxy configuration causes connection issues or not.

Mozilla has even added a system add-on named Proxy Failover that will block similar malicious add-ons that try to exploit the Proxy API.

This system add-on is hidden within the browser and Firefox has made it practically impossible to disable it.

Bypass blocked
Malicious Bypass Add-on Blocked from installing (Source: Bleeping Computer)

Mozilla hasn’t given any statement on whether two add-ons were doing anything else malicious other than exploiting the Proxy API.

Update Firefox Browser to Latest Version

Meanwhile, Mozilla is suggesting its users update their browsers to the latest version (Firefox 93). Updating to the latest version will give assurance that they are secured from the add-ons exploiting the proxy API.

Rachel Tublitz and Stuart Colville further said that regularly updating the Firefox browser plus using the Microsoft Defender on Windows OS is a good practice. Defender and Firefox 93 collectively help secure your system against this issue.

As per the free online virus, malware scanning service ‘VirusTotal’, Microsoft Defender is the only anti-malware solution that is detecting the add-ons as malicious.

Microsoft has tagged the add-on malware as BrowserModifier:JS/BypassPaywall.A.

Try to update your browser to Firefox 93 as it contains an updated blocklist that blocks these malicious add-ons.

In case, you are unable to update the Firefox, you have an alternative option i.e: to search and remove the add-ons that limit you from upgrading.

For better insights on how to search and remove the add-ons, follow the below-mentioned steps:

  • First step is the go to the Troubleshooting Information page.
  • Now, go to Add-ons section. Then, search one of the following entries with the help of search toolbar in extension page:

Name: Bypass

ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}

Name: Bypass XM

ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}

Match the above-mentioned IDs with the search results, if you don’t find any of these IDs in your list, you aren’t affected by the issue.

Additionally, if you like to start from scratch, you can download the latest version of Firefox.


Are you looking for more software news? Stay tuned for the latest software news from top tech industries.

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This