Mozilla hasn’t shared what led them to the offering software, but its developers discovered that the malicious add-ons were misusing the proxy API in the popular web browser, which helps govern how it connects to the internet.
In a blog post, Mozilla’s Rachel Tublitz and Stuart Colville explain that the add-ons misused the proxy API to interfere with the browser's update functionality, in essence preventing users of the add-ons from downloading updates for the browser, and even prevented them from accessing updated blocklists, and updates to any remotely configured Firefox content.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
As soon as it discovered the ploy, Mozilla zapped the add-ons, and also paused approvals for any add-ons that relied on the proxy API, in order to prevent them from blocking updates for users, until a fix was available.
The fix came shipped with Firefox 91.1, which as per the developers will now fall back to establishing a direct connection to the internet for any important request (such as for an update) in case going through the proxy configuration fails.
Furthermore, the developers note that they’ve also deployed a new system add-on named “Proxy Failover” that includes additional mitigations, to both current and older Firefox releases.
In the post, the developers urge users to make sure they are using the latest Firefox release, while also suggesting a best practice for web developers who want to make use of the proxy API in their add-ons to expedite reviews.
“We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we continue to evolve and improve in order to protect Firefox users,” conclude the duo.