“In early June, we discovered add-ons that were misusing the proxy API, which is used by add-ons to control how Firefox connects to the internet,” Mozilla says in its announcement. “These add-ons interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content.” Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API. In addition to blocking the extensions to prevent installation by other users, Mozilla said it’s pausing on approvals for new add-ons that use the proxy API until the fixes are broadly available. What’s more, the California-based non-profit said it’d deployed a system add-on named “Proxy Failover” that ships with further mitigations to address the issue.

According to Mozilla, the add-ons removed in the sweep tampered with the browser’s update functionality; in particular, users were unable to download updates, access updated blocklists, or update remotely configured Firefox content.

1. Visit the Troubleshooting Information page.

2. In the Add-ons section, search for one of the following entries:

   Name: Bypass

   ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}

   Name: Bypass XM

   ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}

   NOTE: Make sure the IDs match exactly as there might be other, unrelated add-ons using those or similar names. If none of those IDs are shown in the list, you are not affected.