Firefox Blocks Malicious Add-Ons Misusing Its API

Update includes a system add-on for further protection

Mozilla has shared information detailing the discovery and removal of several browser add-ons that misused the proxy API built into Firefox.

On Monday, a new post from Mozilla revealed the blocking and removal of multiple add-ons used by 455,000 users. The development team first found the add-ons in June, and Mozilla says that when installed, they would misuse the proxy API that controls how Firefox connects to the internet. It could then stop users from updating their browser, which would keep them from getting access to important changes, blocklist updates, and more.

Firefox running on a laptop with video playing

Mozilla

Now that Mozilla has blocked the add-ons, it also is taking additional steps to mitigate this issue in the future. Starting with the most recent Firefox version 91.1, the browser will include changes to fall back to direct connections whenever it makes an important request.

These requests include looking for significant updates, as well as downloading changes to the blocklist.

If the proxy configuration fails, Firefox will move to a direct connection to ensure that users still get the latest downloads and protection.

Mozilla also has deployed a new system add-on called Proxy Failover, which will be shipped with current and older versions of Firefox.

Mozilla Firefox running on a monitor

Mozilla

Mozilla recommends that users download the latest version of Firefox, version 93, as well as ensure Microsoft Defender is running to help keep your computer safe. Users who need to update should try downloading the update.

If it doesn’t work, Mozilla says that you’ll need to follow a series of steps to unblock the proxy issues caused by the affected add-ons.

Was this page helpful?