Why Firefox Blocked the ‘Bypass’ Add‑Ons and How to Protect Your Browser

Since its launch in 2002, Firefox has been praised for its lightweight, fast, and highly extensible nature.

The browser offers a rich ecosystem of add‑ons, ranging from anti‑tracking tools to themes, but these extensions can also introduce security risks.

Earlier this week, Mozilla’s security blog announced that, after detecting malicious behavior, the Firefox team has blocked certain abused add‑ons.

The announcement specifically mentions two add‑ons, “Bypass” and “Bypass XM,” which have compromised the browser’s proxy API to manipulate how Firefox connects to the internet. Approximately 455,000 users may have been impacted.

Mozilla stated that these blocked extensions tampered with the browser’s update mechanism, preventing nearly a million users from downloading updates, accessing blocklists, or receiving remote configuration changes.

Malwarebytes Labs also reported that the creators of these add‑ons intended to bypass pay‑walls on certain websites.

Investigations in June revealed that the “Bypass” and “Bypass XM” extensions were misusing the proxy API to control network connections.

Mozilla has now blocked the malicious add‑ons and temporarily paused approvals for new extensions that use the proxy API while a remediation process is underway.

Starting with version 91.1, Firefox introduced a direct‑connection fallback for updates and other critical requests, ensuring downloads proceed even when proxy settings cause connectivity issues.

In early October, Firefox 93 was released, featuring tab‑unloading, blocking of HTTP downloads from HTTPS pages, and the deprecation of 3DES encryption.

Mozilla urges users to upgrade to the latest Firefox version and asks developers using the proxy API to include appropriate code to accelerate review.

The organization also released a system add‑on called “Proxy Failover” to further mitigate related problems.

Users can verify whether the malicious add‑ons are installed by navigating to the menu, selecting “Help,” then “More,” and accessing the troubleshooting information. By scrolling to the “Add‑ons” section and searching for “Bypass” or “Bypass XM,” they can disable or remove the offending extensions.