![mozilla firefox forum mozilla firefox forum](https://user-media-prod-cdn.itsre-sumo.mozilla.net/uploads/images/2018-03-09-09-05-31-7fd7d2.png)
Together, Firefox 93 and Defender will make sure you’re protected from this issue," Tublitz and Colville added.
Mozilla firefox forum windows#
"It is always a good idea to keep Firefox up to date, and if you’re using Windows to make sure Microsoft Defender is running.
Mozilla firefox forum update#
Mozilla advises users to update their web browsers to at least the latest release version (Firefox 93), which can make sure that they're protected from add-ons abusing the proxy API. However, the add-ons also had Mozilla's domain in the paywall list which inadvertently also blocked browser updates.Ī Mozilla spokesperson wasn't able to provide more details when contacted by BleepingComputer earlier today. While Mozilla didn't share if the two add-ons were doing anything else malicious in the background, BleepingComputer found after analyzing them that they likely were using a reverse proxy to bypass paywalled sites. Malicious Bypass add-onn blocked from installing (BleepingComputer) This new add-on prevents attempts to interfere with update mechanisms in current and older Firefox versions. To block similar malicious add-ons to abuse the same API, Mozilla has added a system add-on (hidden from the 'about:addons' UI, impossible to disable, and updateable restartlessly) dubbed Proxy Failover.įirefox users can see if they have the Proxy Failover add-on installed by going to the 'Firefox Features' section on the 'about:support' page. "Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users." "Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. "To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users," Mozilla's Rachel Tublitz and Stuart Colville said.
![mozilla firefox forum mozilla firefox forum](https://1.bp.blogspot.com/-Qq3NKcKIZuI/XZkyywzKzOI/AAAAAAAAAcM/kbM-DYCByTMIam6aJpuDb92jAcWtTljmwCLcBGAsYHQ/s1600/Mozilla-Firefox.cover_.jpg)
The add-ons (named Bypass and Bypass XM) were using the API to intercept and redirect web requests to block users from downloading updates, updating remotely configured content, and accessing updated blocklists. Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates.