Skip to content

Firefox blocks add-ons misusing its proxy API

  • by
  • 2 min read

Mozilla has blocked two add-ons that were misusing the browser’s proxy API. Said add-ons interfered with Firefox’s ability to download updates, access updated blocklists and update remotely configured content. 

Add-ons use the proxy API to control how Firefox connects to the internet. Add-ons are simply software additions that users can download straight in the browser for added functionality, like extensions in Chrome or Edge. 

Mozilla stated that the two blocked add-ons — Bypass and Bypass XM were discovered in early June and installed by over 455k users in total in a report published Monday

In the News: Facebook to start focussing on young adults


Blocking the blockers

In addition to blocking the existing add-ons that were misusing the proxy API, Mozilla has also temporarily put a hold on approvals for add-ons that use the API until fixes were available for all users to prevent additional users from being impacted by new, similar add-ons. 

Starting with Firefox 91.1, the browser now includes changes to fall back to a direct connection every time an important request via a proxy configuration fails. The company has also deployed a system add-on called “Proxy Failover” with added mitigations to both new and old versions of the browser. 

How to setup homepage in Firefox? On PC, Android and iOS

As a Firefox user, you should ensure that you have Windows Defender active and Firefox updated to the latest version, which should be Firefox 93 or Firefox ESR 91.2 as of Monday. 

Alternatively, users can search for and remove these add-ons. The names and IDs of the problematic add-ons are as follows.

  • Bypass: 7c3a8b88-4dc9-4487-b7f9-736b5f38b957
  • Bypass XM: d61552ef-e2a6-4fb5-bf67-8990f0014957

For developers building add-ons that use the proxy API, Mozilla has asked them to include a strict_min_version key in their manifest.json files targetting “91.1” or above versions of the browser. Doing so will help expedite the review for the particular add-on as well. 

In the News: Proton wins against Swiss Surveillance over snooping rules

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>