System add-ons – a way to ship Firefox extensions – are hidden, impossible to disable, and can be updated without the need to restart. In addition, the team has deployed a system add-on named Proxy Failover (ID: to block similar malicious add-ons. “Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users,” the Firefox developers said. Starting with Firefox 91.1, if an important request is made via a proxy configuration that fails, Firefox will resort to direct connections instead.
Mozilla has also made a change to how important requests such as update requests get handled by the browser. The post also provides recommended settings to Firefox add-on developers to help expedite review for add-ons. Mozilla has blocked the malicious add-ons in order to keep them from being installed by yet more users.ġ02621 18:38 UPDATE: For developers waiting on approvals for new add-ons that use the proxy API, Mozilla is accepting new submissions, as outlined in its blog post. The Firefox team said that the misbehaving Firefox add-ons they found in June – named Bypass and Bypass XM – were misusing the API to intercept and redirect users from downloading updates, accessing updated blocklists and updating remotely configured content. The add-ons were siphoning off sensitive data, had the ability to enable further malware downloads, and were tweaking links that victims clicked on in order to redirect them to phishing sites and ads.
On the flip side, they can be nasty little critters that install malware, like the 28 add-ons for Facebook, Vimeo, Instagram and others that researchers found in commonly used browsers from Google and Microsoft last year. The add-ons were misusing the proxy API, which APIs use to control how Firefox connects to the internet.Īdd-ons are powerful snippets of software that can be added to Firefox or other apps to customize the browser by doing things like preventing tracking, blocking ads, downloading videos from websites or providing content translation. In a Monday post, Mozilla’s development team members Rachel Tublitz and Stuart Colville said that they’d discovered the misbehaving add-ons in early June. Mozilla’s Firefox team has blocked add-ons that were abusing the proxy API in order to prevent around 455,000 users from updating their browsers.
0 kommentar(er)
