Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

Mozilla’s Firefox browser team has cracked down on malicious add-ons, blocking software with a 455,000 user base. 

On October 25, the development team said that in early June, Firefox discovered add-ons that were misusing the browser’s proxy API, used by software to manage how the browser connects to the internet. 

Add-ons are software modules that can be installed to customize a user’s browsing experience and may include anti-tracking software, ad blockers, themes, and utilities. 

However, they may also become a conduit for malicious purposes, such as data theft or eavesdropping, a challenge faced by all browser developers. 

According to Mozilla, the add-ons removed in the sweep tampered with the browser’s update functionality; in particular, users were unable to download updates, access updated blocklists, or update remotely configured Firefox content. 

The add-ons have been blocked, and approval was temporarily paused for new add-on developer submissions when the proxy API was in use to create and deploy a fix. 

Firefox, starting with v.91.1, now also includes changes to harden the update process. A fallback mechanism to direct connections for update purposes and other “important requests” made by the browser has been implemented, allowing downloads to take place whether or not a proxy configuration

Read More: