Mozilla just blocked dangerous extensions used by 450K Firefox users

Mozilla just blocked dangerous extensions used by 450K Firefox users
© Vladyslav Yushynov | Dreamstime.com

It is hard to imagine a time before internet browsers had extensions. Tap or click here for the 10 best Chrome extensions to use with Google Drive. These powerful add-ons are downloaded and used within the browser and can help with translations, conversions or many other tasks.

Just like mobile apps, not all extensions are exclusively developed by the browser’s company. Most anyone with the right technical and coding knowledge can load an extension onto a browser’s download page.

Browser creators like Mozilla and Google do their best to check that the extensions don’t do anything malicious, but sometimes things do slip through the verification process. This is what happened recently with Firefox. Luckily Mozilla caught the culprits. Here’s why you need to update your browser now.

Here’s the backstory

For the most part, browser extensions do exactly what they claim. But there will always be bad actors who try to cheat the system by uploading add-ons that can steal data or hack your computer.

Mozilla discovered several such add-ons to its Firefox browser and released an update to block their access. In a blog post, the company detailed how the add-ons misused the proxy API for how the browser connects to the internet.

We all know that software and operating system updates are crucial to keeping malicious programs out of your computer. But that is exactly what the compromised extensions did: blocking access to updates and web blocklists. 

Mozilla didn’t divulge the specific extensions but did say that they had been downloaded a collective 455,000 times. The add-ons have since been blocked on Firefox, preventing other users from installing them.

What you can do about it

Other steps that Mozilla has taken to stop the spread, include the pausing of new approvals for extensions that use the proxy API until a proper fix is implemented. This means that other add-ons with the same technology will now default to direct connections when Firefox makes an important request.

The fix is primarily on Mozilla’s back-end, but the company advised users to update their Firefox browser to the latest version, which is now Firefox 93. Here’s how to do that:

  • Open Firefox and click the hamburger menu icon (three horizontal lines), then Help, then go to About Firefox.
  • The About Mozilla Firefox window will open and Firefox will check for updates and download them automatically.
  • When the download is complete, click Restart to update Firefox.

If you are unable to download the latest version, you might have one of the problematic extensions installed. Mozilla has given instructions for what to do next:

  • In the Add-ons section, search for one of the following entries:

Name: Bypass

ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}

Name: Bypass XM

ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}

If you get a hit in your browser, use the following instructions from Mozilla to remove them.

How to disable a Firefox extension:

  • Click the three-line menu button. Select Add-ons and Themes, then Extensions.
  • Scroll through the list of extensions.
  • Tap the blue toggle for the extension you wish to disable.

To re-enable an extension, find it in the list of extensions and tap the toggle for the corresponding one. The toggle will turn blue when enabled.

How to remove a Firefox extension:

  • Click the three-line menu button. Select Add-ons and Themes, then Extensions.
  • Scroll through the list of extensions.
  • Click the ellipsis (3-dot) icon for the extension you wish to remove and select Remove.

You could also uninstall Firefox and reinstall a clean copy.

Keep reading

Firefox has a new feature in the fight against tracking

Tech how-to: Lockdown Chrome, Firefox, Edge and Safari for maximum security

Tags: add-ons, browser, coding, download, extensions, Firefox, Google, Google Chrome, Google Drive, internet, malicious, Mozilla, Mozilla Firefox, operating systems, Remove, security, technology, updates