freeamfva | |
freeamfvaのブログ | |
年代 | 30代前半 |
---|---|
性別 | 女性 |
TITLE. abuse the proxy API to deny updates |
DATE. 2023年07月24日 11:54:37 |
THEME. 未分類 |
Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates In a Firefox security announcement, Mozilla said 455,000 users have downloaded Firefox add-ons that interfere with how they connect to the internet.To get more news about website proxy, you can visit pyproxy.com official website.
The interference in itself was not the deciding factor, however. The add-ons abused the proxy API to prevent users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content. Google Chrome provides an extension API also called "proxy" which is functionally similar to this API, in that extensions can use it to implement a proxying policy. However, the design of the Chrome API is completely different to this API. They are incompatible, which means using both is NOT recommended as it may result in connectivity issues.
Abuse cases Mozilla has blocked the malicious add-ons so they are not installed by anyone else. Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. By doing so, users can not be denied important updates.
Mitigation One of those fixes lies in the fact that Mozilla deployed a system add-on named “Proxy Failover” with additional mitigations, and that has been shipped to both current and older Firefox versions. This system add-on implements failover rules for system requests over malfunctioning proxies. In other words, If a proxied system request fails, the proxy configuration in use will be disabled. |
||
TAG. website proxy |
コメント
コメント:0件
コメントはまだありません