Skip to content

Firefox blocks add-ons misusing its proxy API

Mozilla has blocked two add-ons that were misusing the browser’s proxy API. Said add-ons interfered with Firefox’s ability to download updates, access updated blocklists and update remotely configured content. 

Add-ons use the proxy API to control how Firefox connects to the internet. Add-ons are simply software additions that users can download straight in the browser for added functionality, like extensions in Chrome or Edge. 

Mozilla stated that the two blocked add-ons — Bypass and Bypass XM were discovered in early June and installed by over 455k users in total in a report published Monday

In the News: Facebook to start focussing on young adults

Blocking the blockers

In addition to blocking the existing add-ons that were misusing the proxy API, Mozilla has also temporarily put a hold on approvals for add-ons that use the API until fixes were available for all users to prevent additional users from being impacted by new, similar add-ons. 

Starting with Firefox 91.1, the browser now includes changes to fall back to a direct connection every time an important request via a proxy configuration fails. The company has also deployed a system add-on called “Proxy Failover” with added mitigations to both new and old versions of the browser. 

How to setup homepage in Firefox? On PC, Android and iOS

As a Firefox user, you should ensure that you have Windows Defender active and Firefox updated to the latest version, which should be Firefox 93 or Firefox ESR 91.2 as of Monday. 

Alternatively, users can search for and remove these add-ons. The names and IDs of the problematic add-ons are as follows.

  • Bypass: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957
  • Bypass XM: d61552ef-e2a6-4fb5-bf67-8990f0014957

For developers building add-ons that use the proxy API, Mozilla has asked them to include a strict_min_version key in their manifest.json files targetting “91.1” or above versions of the browser. Doing so will help expedite the review for the particular add-on as well. 

In the News: Proton wins against Swiss Surveillance over snooping rules

Hello There!

If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.

We may earn a commission if you buy something from a link on this page. Thanks for your support.