Mozilla Firefox add-ons gain rollback support for bad extension updates
Security Tool/Service
Summary
Hide ▲
Show ▼
Mozilla added a rollback control for Firefox extension updates, letting developers push users back to a previously approved version when a release is buggy or broken. The change matters because it reduces the window in which a bad add-on can keep affecting users and helps limit installs of the problematic version. For extensions with automatic updates, the rollback should reach affected users within 24 hours.
Related Happenings
Microsoft security patch release for CVE-2026-41089
Security Patch Release
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Microsoft security patch release for CVE-2026-41089
Security Patch ReleaseAbout this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout
Security Tool/Service
First: 24.03.2026 19:23
Last: 24.03.2026 19:23
Sources 1
About this happening:
**Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...
Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout
Security Tool/ServiceAbout this happening: **Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...
Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)
Vulnerability
First: 07.03.2026 13:21
Last: 07.03.2026 13:21
Sources 1
About this happening:
**Firefox 148** now addresses **CVE-2026-2796**, a **CVSS 9.8** **JIT miscompilation** in the **JavaScript WebAssembly component**, after **Anthropic** validated the flaw and show...
Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)
VulnerabilityAbout this happening: **Firefox 148** now addresses **CVE-2026-2796**, a **CVSS 9.8** **JIT miscompilation** in the **JavaScript WebAssembly component**, after **Anthropic** validated the flaw and show...
GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge
Campaign
First: 17.01.2026 17:23
Last: 17.01.2026 17:23
Sources 1
About this happening:
The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...
GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge
CampaignAbout this happening: The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...
Timeline
-
22.09.2025 18:53 2 articles · 8mo ago
Mozilla adds Firefox add-on rollback support
Initial DisclosureMozilla announced a Firefox add-on rollback feature that lets developers republish a previously approved version of an extension with a new version number, helping users move off a buggy update. For add-ons on addons.mozilla.org with at least two approved versions, developers can roll back to the approved version released before the current one; self-distributed extensions can revert to any approved version. Developers can use the Developer Hub or the Add-on Submission API, and users with automatic updates should receive the rolled-back version within 24 hours.
Show sources
- Mozilla now lets Firefox add-on devs roll back bad updates — www.bleepingcomputer.com — 22.09.2025 18:53
- Mozilla now lets Firefox add-on devs roll back bad updates — www.bleepingcomputer.com — 22.09.2025 18:53