Mozilla Removes Malicious Firefox Add-Ons Used By 450,000 People
Mozilla made several changes to its Firefox browser after discovering that two add-ons, installed by approximately 455,000 people, were abusing one of its APIs.
âAt the beginning of June, we discovered add-ons that abused the Proxy API, which is used by add-ons to control how Firefox connects to the Internet, âMozilla explains in its announcement. “These add-ons interfered with Firefox in a way that prevented users who installed them from downloading updates, accessing updated blocklists, and updating configured content remotely.”
The company responded by preventing other Firefox users from installing add-ons and temporarily suspending approval of other add-ons that rely on the proxy API. Mozilla says it has also made changes to Firefox 91.1 to “revert to direct connections when Firefox makes a large request (such as for updates) through a failed proxy configuration.”
It also released Proxy Failover, a system add-on “with additional mitigations that shipped to current and older versions of Firefox”. (Who seems to have confused some Firefox users.) Mozilla said that system add-ons are hidden in the Firefox user interface, cannot be disabled by users and can be updated without requiring a browser restart at its discretion.
Firefox users have been advised to ensure that they are running a browser version (91.1 or newer) that has these mitigations. If they are not and if they cannot update to the latest version, they can see if the malicious add-ons have been installed. The add-ons in question are:
Recommended by our editors
Mozilla Offers instructions to remove add-ons if they are on the browser. The company claims that Firefox users can also refresh browser to reset all of their add-ons and settings or reinstall the browser from scratch if you wish.
Do you like what you read ?
Sign up for Security watch newsletter for our best privacy and security stories delivered straight to your inbox.
This newsletter may contain advertising, offers or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of use and Privacy Policy. You can unsubscribe from newsletters at any time.