Security News
Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser. The two extensions in question, named Bypass and Bypass XM, "interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content," Mozilla's Rachel Tublitz and Stuart Colville said.
Mozilla blocked malicious Firefox add-ons installed by roughly 455,000 users after discovering in early June that they were abusing the proxy API to block Firefox updates. "Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request via a proxy configuration that fails."
Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar. While blog posts [1, 2] presenting it under the "Firefox Suggest" name were published in September, it was first mentioned in a Firefox changelog with the release of Firefox 93 two days ago and presented as a "faster way to navigate the web."
Mozilla says that Firefox users will be better protected from advertising trackers while browsing the Internet in Private Browsing mode and using Strict Tracking Protection. The SmartBlock mechanism, introduced by Mozilla with the release of Firefox 87 in March, ensures that the Tracking Protection feature and Strict Mode don't break websites when blocking tracking scripts.
A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months. Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.
Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. Like all browsers, Mozilla Firefox automatically configures a browser to a default search engine for performing searches via the address bar.
Likely fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. After some programs began hijacking default program settings without permission, Microsoft added restrictions in Windows 10 by requiring users to specifically choose their default programs.
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option. "While there remain many websites that don't use HTTPS by default, a large fraction of those sites do support the optional use of HTTPS. In such cases, Firefox Private Browsing Windows now automatically opt into HTTPS for the best available security and privacy," Mozilla explained.
Mozilla on Tuesday released Firefox 91, a version of the web browser that brings enhanced cookie clearing, HTTPS by default in private browsing mode, and patches for several high-severity vulnerabilities. Once the user updates Firefox to version 91, the browser will automatically use an HTTPS connection when the Private Browsing feature is used.
This change builds on the inclusion of default blocks for cross-site tracking in private browsing, first introduced after Total Cookie Protection was released with Firefox 86 in February. Enhanced Cookie Clearing is triggered automatically whenever you're clearing cookies and other site data after enabling Strict Tracking Protection.