Mozilla has blocked two add-ons that were misusing the browser’s proxy API. Said add-ons interfered with Firefox’s ability to download updates, access updated blocklists and update remotely configured content.
Add-ons use the proxy API to control how Firefox connects to the internet. Add-ons are simply software additions that users can download straight in the browser for added functionality, like extensions in Chrome or Edge.
Mozilla stated that the two blocked add-ons — Bypass and Bypass XM were discovered in early June and installed by over 455k users in total in a report published Monday.
In the News: Facebook to start focussing on young adults
Blocking the blockers
In addition to blocking the existing add-ons that were misusing the proxy API, Mozilla has also temporarily put a hold on approvals for add-ons that use the API until fixes were available for all users to prevent additional users from being impacted by new, similar add-ons.
Starting with Firefox 91.1, the browser now includes changes to fall back to a direct connection every time an important request via a proxy configuration fails. The company has also deployed a system add-on called “Proxy Failover” with added mitigations to both new and old versions of the browser.
As a Firefox user, you should ensure that you have Windows Defender active and Firefox updated to the latest version, which should be Firefox 93 or Firefox ESR 91.2 as of Monday.
Alternatively, users can search for and remove these add-ons. The names and IDs of the problematic add-ons are as follows.
- Bypass: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957
- Bypass XM: d61552ef-e2a6-4fb5-bf67-8990f0014957
For developers building add-ons that use the proxy API, Mozilla has asked them to include a strict_min_version key in their manifest.json files targetting “91.1” or above versions of the browser. Doing so will help expedite the review for the particular add-on as well.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.