Mozilla removes popular Firefox add-ons used by nearly a million people

Mozilla removes favorite Firefox add-ons used by nearly a million people

(Image cite: Shutterstock)

Mozilla's Firefox browser team has cracked the whip on leering bestow-ons, blocking access to them despite their extensive user root word of about 455,000 installations.

Mozilla hasn't divided what led them to the offering software, but its developers discovered that the malicious total-ons were misusing the proxy API in the popular web browser, which helps govern how it connects to the cyberspace.

In a blog post, Mozilla's Rachel Tublitz and Stuart Colville explain that the add-ons misused the proxy API to interfere with the browser's update functionality, in inwardness preventing users of the add-ons from downloading updates for the web browser, and even prevented them from accessing updated blocklists, and updates to whatever remotely configured Firefox content.

As presently A IT disclosed the ploy, Mozilla zapped the minimal brain dysfunction-ons, and also paused approvals for any tally-ons that relied on the proxy API, in order to foreclose them from blocking updates for users, until a fix was for sale.

Malicious intent

BleepingComputer identified the violative add-ons every bit Shunt and Bypass XM, while revealing that they were likely using a reverse proxy to get around paywalled sites.

The fix came shipped with Firefox 91.1, which as per the developers bequeath now tumble rear to establishing a direct connection to the cyberspace for any important request (so much arsenic for an update) in case going through the procurator configuration fails.

Furthermore, the developers note that they've also deployed a modern system add-on named "Proxy Failover" that includes additional mitigations, to both current and older Firefox releases.

In the post, the developers urge users to make believe sure they are using the latest Firefox release, while besides suggesting a best use for vane developers WHO want to make use of the procurator API in their add-ons to expedite reviews.

"We take exploiter security really seriously at Mozilla. Our addition submission process includes automated and manual reviews that we uphold to germinate and meliorate systematic to protect Firefox users," conclude the twain.

With almost ii decades of writing and reporting on Linux, Mayank Sharma would wish everyone to recall helium's TechRadar Professional's expert connected the topic. Naturally, He's just as interested in past computing topics, particularly cybersecurity, cloud, containers, and secret writing.