The following guide offers tips and instructions for staying safe when you download extensions for the Mozilla Firefox web browser.
The past year has been eventful for users of the Firefox web browser. Mozilla introduced features such as multi-process support or Firefox Quantum that moved the browser closer to the all-powerful Google Chrome browser.
Mozilla dropped the old add-on system of Firefox and replaced it with WebExtensions. WebExtensions is the same system that Google Chrome and other Chromium-based browsers support. Mozilla's plan was, however, to extend the capabilities of WebExtensions further than what Chrome supported.
Firefox WebExtensions have access to features that can make them more potent than their Chrome counterparts.
One of the reasons that Mozilla offered for switching to WebExtensions was that classic add-ons had too much control over the browser. WebExtensions limit what developers can do which benefits security and stability of the browser.
A look over to Chrome's Web Store for extensions shows, however, that WebExtensions may still be abused to spy on users, steal data, or abuse user devices in other ways.
AMO, Add-ons Mozilla Org, is the primary hub for Firefox extensions. It is the official extension directory, and users may use it to browse, search for and install browser extensions.
The store lists classic add-ons and WebExtensions currently. Mozilla announced plans in 2017 to remove traditional add-ons from the Store after Firefox ESR hits version 60. Firefox ESR is the only official Firefox version right now that supports legacy add-ons. The next version of the extended support release will end that.
Mozilla changed the extension submission system on Mozilla AMO. The organization verified each add-on manually in the past before allowing it to become available on AMO. The new system runs automated checks and adds any extension that passes these to the store.
This is the same system that Google users for Chrome extensions. Mozilla will check add-ons manually eventually but only after the fact. That's different to how Google handles things and improves security.
There is no manual verification indicator on the site right now which means that you don't know if an extension was reviewed manually.
Crypto-mining extensions slipped passed the automatic review process already, and while the situation is arguable a lot better than on Chrome's Web Store, there is a chance that problematic extensions may end up on AMO.
So, what can you do about it?
If you cannot do that, you may use the following methods to reduce the chance of installing problematic extensions:
Don't get me wrong. I'm not advocating that Firefox users should not install add-ons anymore. Firefox users need to be aware of the dangers of the new review system. It is easy enough to see how bad things can become by looking at the situation over on Chrome's Web Store. Mozilla's system is still better than Google's. The organization should consider adding a visible flag to extensions that have not been reviewed manually yet.
Now You: How do you handle this?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.