Mozilla Blocks Malicious Firefox Add-ons “Bypass” and “Bypass XM” and Details Security Risks and Updates
Mozilla’s security team has blocked the malicious Firefox add-ons “Bypass” and “Bypass XM”, which abused the browser’s proxy API to hijack updates and bypass paywalls and affected hundreds of thousands of users. Mozilla has also introduced new fallback mechanisms and a “Proxy Failover” extension in Firefox 93.
Since its launch in 2002, Firefox has been popular for its lightweight, fast, simple, and highly extensible nature.
Firefox offers a rich ecosystem of add-ons, including anti‑tracking tools, ad blockers, themes, and utilities, allowing users to customize functionality and appearance.
However, like Chrome extensions, these add‑ons can also pose security risks.
This week, Mozilla’s security blog announced that after detecting malicious behavior, the Firefox team decided to block certain abused add‑ons.
The announcement specifically mentioned two add‑ons, “Bypass” and “Bypass XM”, but did not detail their exact actions.
It is known that roughly 455,000 users were potentially affected.
Mozilla stated that the blocked add‑ons tampered with the browser’s update mechanism, preventing nearly a million users from downloading updates, accessing blocklists, or retrieving remote configuration.
Malwarebytes Labs also reported that the creators claimed the add‑ons were intended to bypass paid website restrictions.
Earlier in June, researchers discovered that “Bypass” and “Bypass XM” abused Firefox’s proxy API to control how the browser connects to the internet.
These malicious add‑ons have now been blocked, and during remediation the Firefox team temporarily paused approvals for new add‑on submissions that use the proxy API.
Starting with version 91.1, Firefox implemented a direct‑connection fallback for updates and other critical requests, ensuring downloads succeed regardless of proxy configuration.
In early October, Mozilla released Firefox 93, featuring tab unloading, blocking HTTP downloads from HTTPS pages, and ending default support for 3DES encryption.
Mozilla urges users to upgrade to the latest version, and developers using the proxy API are now required to include appropriate code for faster review.
Additionally, Mozilla introduced a system add‑on called “Proxy Failover” to further mitigate the issue.
Users can check for the malicious add‑ons by opening the menu, navigating to Help → More → Troubleshooting Information, and searching for “Bypass” or “Bypass XM” in the Extensions list.
If found, they should be disabled or removed via the Extensions and Themes page.
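The same check can be scripted against a profile's `extensions.json`; the following is an added example, not code from Mozilla or from the original article. It flags add-ons whose name matches the two blocked names and, going slightly beyond the manual steps, any other extension that holds the `proxy` permission. The file layout it reads (`addons[].defaultLocale.name`, `addons[].userPermissions.permissions`) is an assumption about the profile format, and the sample data is constructed.

```python
import json
from pathlib import Path

# Add-on names Mozilla blocked, as given in the article (compared case-insensitively).
BLOCKED_NAMES = {"bypass", "bypass xm"}

def audit_addons(data):
    """Flag extensions with a blocked name or the "proxy" permission."""
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # skip themes, dictionaries and language packs
        # Assumed layout: display name under defaultLocale, grants under userPermissions.
        name = ((addon.get("defaultLocale") or {}).get("name") or "").strip()
        perms = (addon.get("userPermissions") or {}).get("permissions") or []
        blocked = name.lower() in BLOCKED_NAMES
        if blocked or "proxy" in perms:
            findings.append({
                "id": addon.get("id"),
                "name": name,
                "active": bool(addon.get("active")),
                "reason": "blocked-name" if blocked else "proxy-permission",
            })
    return findings

def audit_profile(profile_dir):
    """Audit the extensions.json file inside one Firefox profile directory."""
    path = Path(profile_dir) / "extensions.json"
    with path.open(encoding="utf-8") as fh:
        return audit_addons(json.load(fh))

# Constructed sample in the assumed extensions.json layout; ids and names are made up.
SAMPLE = {"addons": [
    {"id": "bypass-xm@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Bypass XM"},
     "userPermissions": {"permissions": ["proxy", "webRequest"], "origins": []}},
    {"id": "adblock@example.invalid", "type": "extension", "active": True,
     "defaultLocale": {"name": "Example Ad Blocker"},
     "userPermissions": {"permissions": ["webRequest"], "origins": []}},
    {"id": "switcher@example.invalid", "type": "extension", "active": False,
     "defaultLocale": {"name": "Example Proxy Switcher"},
     "userPermissions": {"permissions": ["proxy", "storage"], "origins": []}},
    {"id": "theme@example.invalid", "type": "theme", "active": True,
     "defaultLocale": {"name": "Bypass"}, "userPermissions": None},
]}

if __name__ == "__main__":
    for finding in audit_addons(SAMPLE):
        print(finding)
```

A `proxy-permission` finding is a prompt for review rather than a verdict, since legitimate proxy switchers request the same permission.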