Mozillas Firefox browser Team has hit the whip maliciously Add-onsblocking access to them despite their large user base of approximately 455,000 installs.
Mozilla didn’t share what led them to the software it was offering, but the developers did find that the malicious add-ons use the proxy API in the popular Web browserthat helps control how it connects to the internet.
In one blog entry, Rachel Tublitz and Stuart Colville of Mozilla state that the add-ons abused the proxy API to disrupt the browser’s update functionality, essentially preventing users of the add-ons from downloading and even downloading updates for the browser have access to updated block lists. and updates for all remotely configured Firefox content.
We study how our readers use VPNs with streaming sites like Netflix so we can improve our content and provide better advice. This survey will take no more than 60 seconds of your time and we would be very happy if you shared your experience with us.
Once Mozilla discovered the trick, Mozilla tapped the add-ons and also paused approvals for any add-ons that relied on the proxy API to keep them from blocking updates for users until a fix was available.
BleepingComputer identified the offensive add-ons as Bypass and Bypass XM, while also revealing that they were likely to be a. used Reverse proxy to bypass paywall sites.
The fix was delivered with Firefox 91.1, which, according to the developers, now relies on establishing a direct connection to the Internet for all important requests (e.g. for an update) if the proxy configuration fails.
In addition, the developers find that they are also one New System expansion called “Proxy Failover”, which contains additional safeguards for current and older versions of Firefox.
In the post, the developers urge users to make sure they are using the latest version of Firefox while suggesting a best practice for. before Web developer who want to use the proxy API in their add-ons to speed up scans.
“We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we are constantly developing and improving to keep Firefox users safe, ”they conclude.
This article was previously published on Source link