Mozilla has made several changes to its Firefox browser after discovering that two add-ons, which were installed by approximately 455,000 people, abused one of its APIs.
"In early June, we discovered add-ons that were misusing the proxy API, which is used by add-ons to control how Firefox connects to the internet," Mozilla says in its announcement. "These add-ons interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content."
The company responded by preventing additional Firefox users from installing the add-ons and temporarily halting the approval of other add-ons that rely on the proxy API. Mozilla says it also made changes to Firefox 91.1 to have it "fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails."
It also released Proxy Failover, a system add-on "with additional mitigations that has been shipped to both current and older Firefox versions." (Which seems to have confused some Firefox users.) Mozilla says that system add-ons are hidden from the Firefox user interface, can't be disabled by users, and can be updated without requiring a browser restart at its discretion.
Firefox users have been advised to make sure they're running a version of the browser (91.1 or newer) that features these mitigations. If they aren't, and if they can't update to the latest version, they can see if the malicious add-ons have been installed. The add-ons in question are:
- Name: Bypass
- ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}
- Name: Bypass XM
- ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}
Mozilla offers instructions for removing the add-ons if they're found on the browser. The company says that Firefox users can also refresh the browser to reset all of their add-ons and settings or re-install the browser from scratch if desired.