Firefox 74: sideloading extension support ends - gHacks Tech News

ADVERTISEMENT

Firefox 74: sideloading extension support ends

Mozilla announced this week that the organization's Firefox web browser will stop supporting extension sideloading in Firefox 74.

Current versions of the Firefox web browser support three different methods when it comes to the installation of extensions:

  1. Install via Mozilla's official add-ons repository Mozilla AMO.
  2. Use Firefox's "Install add-on from file" functionality in the Add-ons Manager. To use it, load about:addons in the Firefox address bar and select Menu > Install Add-on from File. Select the Firefox extension using the file browser that opens to start the installation dialog.
  3. Place extension files into standard extension folders.

The change removes the third option but does not touch the other two options.  The third method caused issues frequently for Firefox users according to Mozilla as these extensions were not installed directly by users of the browser and could not be removed from the add-ons manager either.

firefox install local extensions

While sideloading has been used by legitimate developers to test Firefox installations and organizations to deploy extensions on systems, it has also been abused in the past, e.g. to install malicious extensions in Firefox.

Mozilla plans to remove support in Firefox 74. Here is the full timeline (see our release schedule for Firefox for additional information):

  • Firefox 73 (out February 11, 2020) -- Sideloaded extensions will be copied to the user's profile and installed as regular add-ons.
  • Firefox 74 (out March 10, 2020) -- Sideloading is no longer supported

The change in Firefox 73 ensures that installed extensions won't be removed without recourse. Firefox users find these extensions in the built-in extension manager from where they may be removed just like any other extension installed in the web browser. Firefox users may remove these extensions then from the web browser in case they have no intention of using them.

Closing Words

Organizations who use sideloading currently need to use different options to install Firefox extensions, e.g. by using the Windows Registry. The options are explained here.

Firefox users will benefit from the change as it removes an option that has been abused by malicious actors and also some software companies in the past to install extensions in Firefox.

Firefox users and developers will still be able to install extensions in the browser that are stored locally.

Now You: Do you use extensions that you installed locally in Firefox?

Summary
Firefox 74: sideloading extension support ends
Article Name
Firefox 74: sideloading extension support ends
Description
Mozilla announced this week that the organization's Firefox web browser will stop supporting extension sideloading in Firefox 74.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Anonymous said on November 1, 2019 at 4:14 pm
    Reply

    “To give users more control over their extensions, support for sideloaded extensions will be discontinued.”

    I’m not sure if they’re serious or not lol

    1. Anonymous said on November 2, 2019 at 5:45 pm
      Reply

      Addons installed by the removed method do not give the user control over them within the browser and are often automatically installed by other software which may be malicious. You can still load an addon from a file but have that control and have to very deliberately do it.

  2. daveb said on November 1, 2019 at 5:06 pm
    Reply

    and firefox continues to remove more functionality than they add in updates. Even their transition from version 73 to 74 shows how they could have handled this differently to maintain the functionality while changing. Just make the manager capable with dealing with the sideloaded extensions, done. A truly capable manager sould be able to manage any type of file that the application picks up, including the side loading one.

    Firefox continues to make the case that other options are superior.

    1. Man Stopper 1911 said on November 1, 2019 at 6:22 pm
      Reply

      But what other options are there that are not open source and have the best extensions possible, ublock origin, umatrix and noscript? It seems like the choices here are very limited.

    2. leland said on November 1, 2019 at 7:29 pm
      Reply

      Side Loading is not truly removed since you can install an extension manually. As someone who manages many Firefox installations I see this as a plus because it improves security. The method being removed probably should never have been included anyway as it is way to easy to abuse. That’s my 2 cents…

    3. Lawrence said on November 2, 2019 at 12:19 am
      Reply

      @daveb – this option was being abused by many software companies as a sneaky way to install PUPs without any clear way to remove, especially anti-virus software, most notably Symantec constantly abused this method, making their tracking extension impossible to remove by ordinary users. This change is a net-positive in this instance, as a corporate systems admin speaking.

      1. daveb said on November 2, 2019 at 6:17 pm
        Reply

        “making their tracking extension impossible to remove by ordinary users”
        This is exclusively a problem with the manager, not a problem with side-loading. As I said, anything that has the capability of being picked up by the browser should also be controlled by the manager. Thats a very basic coding practice. They are taking the worst direction possible because its the easy route.

        Yes every ‘lock down’ admin out there is getting moist at these changes. ..but they are the furthest thing from what an application should be focusing on pleasing.

      2. Cassette said on November 3, 2019 at 12:00 pm
        Reply

        The easy route is their go-to move time and time again. Tabs on top vs on bottom?…ugh maintenance burden…remove it! Option in about:config to control close buttons on tabs?…hardly anyone uses it and who cares about those people, anyway? Remove it! It’s not even that this one issue is a huge issue because you can still install manually, but it’s just yet one more time options are removed for their convenience. The right thing to do would be to have it disable any sideloaded extensions by default so they are enabled only if you choose and, as daveb mentioned, the ability for the extension manager to remove them. That would take more effort so obviously that can’t happen.

    4. Dumbledalf said on November 2, 2019 at 4:01 am
      Reply

      Firefox’ goal is to become the best Chrome clone it can be. That means if you want to change the Download directory, you have to modify your Firefox client with additional code.

      Firefox is dead and also a joke now.

  3. Ray said on November 1, 2019 at 6:55 pm
    Reply

    Is this just from the release version of Firefox? Are developer and unbranded versions affected?

  4. Anonymous said on November 1, 2019 at 9:10 pm
    Reply

    “Firefox users will benefit from the change as it removes an option that has been abused by malicious actors and also some software companies in the past to install extensions in Firefox.”

    What about software that needs to install an extension automatically in Firefox for legitimate reasons ? Will this still be possible ? Or is it again Mozilla’s trend to turn the browser into a locked box that users can’t control “for their own security”, but that Mozilla can play with remotely at any time to install spyware, and that gives to random web sites always increasing control on our computers ?

  5. Alex said on November 1, 2019 at 9:21 pm
    Reply

    > Mozilla announced this week that the organization’s Firefox web browser will stop supporting extension sideloading in Firefox 74.

    No, they did not.

    They will discontinue *one* *bad* method of sideloading (what this article calls “method 3”), but the other, *better* method of sideloading (what this article calls “method 2”) will continue to be supported.

    There will be no loss of functionality, unless you are writing malware.

    1. Anonymous said on November 2, 2019 at 1:59 pm
      Reply

      Yep, people complaining about it are haters or malware developers.

      1. Anonymous said on November 2, 2019 at 8:10 pm
        Reply

        “haters”

        Another magic word to kill all rational discussion. What is even a “hater” ? Does hating anything automatically disqualify any argument ? What about hating Google, hating corruption, hating ads, hating privacy invasions, hating having our freedom confiscated by some business, hating shills like you ? Or maybe it’s a term you reserve for anyone with strong opinions, or more exactly strong opinions that were not engraved by some corporate propaganda campaign ?

    2. Anonymous said on November 3, 2019 at 4:14 am
      Reply

      Right. Title was (unintentionally) misleading since that’s not how most users understand “sideloading”.

      When I read it, I thought you can only use AMO now!

  6. John C. said on November 2, 2019 at 10:17 am
    Reply

    Now, if they’re so concerned about end user security, I wish Mozilla would program in an ability to see which extensions in Firefox are calling out to remote servers and which ones they’re calling out to. AFAIK, there’s currently way in the Firefox UI to obtain this information, and I’m seeing a lot of this kind of activity in my fully updated (70.0.1) copy of Firefox.

  7. Glandos said on November 2, 2019 at 10:38 am
    Reply

    No one mentioned the case of GNU/Linux distribution, that use to package popular extensions, and install them in global directory to be sure it’s loaded for every user.

    This behavior will be broken. I think this is sad. I really think (like other people here) that the extension manager should be able to deal with sideloaded extension, and be able to disable them if they are read-only.

  8. Jozsef said on November 2, 2019 at 11:18 am
    Reply

    I have to agree with the general level of criticism aimed at Firefox for the most part but in this specific instance the change seems to be a good one. They are removing a vulnerability while maintaining the functionality and should not be condemned in a knee-jerk fashion simply on the basis of past mistakes.

    I personally think the management at Mozilla have lost their minds but maybe this is a first step back toward sanity. After all, anything is possible.

    1. Anonymous said on November 2, 2019 at 8:21 pm
      Reply

      “should not be condemned in a knee-jerk fashion simply on the basis of past mistakes.”

      Most of what Mozilla is criticized for is not past mistakes, it’s intentional and consistent behavior that they did not revert and even less apologize for. And the very few times when they apologized for doing something evil intentionally, it was obviously forced by a level a backlash they could not handle in spite of their extremely high threshold.

  9. Nebulus said on November 2, 2019 at 1:15 pm
    Reply

    IMO, the third option listed above used for side-loading extensions is more of a hack and Mozilla is right to remove it for security reasons.

  10. JohnIL said on November 2, 2019 at 1:39 pm
    Reply

    Firefox lost my support when its focus become less about function and More about being a net nanny browser for tin foil hat people. I mean where is all these users who Mozilla claims want such a browser?

    1. Dave said on November 3, 2019 at 6:08 am
      Reply

      @JohnL That would be the majority of people using web browsers on PC’s.

      The people that actually know how anything works on a PC are only a small minority and most of them realize that.

      The majority just wants it to work and has no interest in knowing how it works.

      I would like to see someone put out a browser that’s just a basic base that users could add the functions they wanted to and leave out the ones they don’t want, like building with Legos.

      100% customizable.

      1. user said on November 3, 2019 at 7:15 am
        Reply

        majority=sheeps band going to the slaughterhouse.

  11. user said on November 3, 2019 at 7:01 am
    Reply

    firefox became so ugly and stupid. lot of main functions are broken(flashgot, tab mix plus, extended statusbar). all features from gecko were removed.
    last move to say him R.I.P is removing support of any unsigned addons(ublock origin may became unsigned – google and other bastards wanted to kill it) and customcss. next step after removing manual install addons -destroy portable builds(like in chrome, user profile became broken(except chinese chromium).
    what hacks? any extensions which provided a lot of functional, but conflicted with google,mozilla and any other money kings became dead. where is the time of 2006-10?

    1. Anonymous said on November 3, 2019 at 12:53 pm
      Reply

      Grow up.

  12. stefann said on November 3, 2019 at 4:22 pm
    Reply

    Mozilla Firefox 200 can’t be started at all. New feature by Mozilla.

  13. Lawrence said on November 4, 2019 at 1:48 am
    Reply

    This comment thread is starting to stink like Twitter’s blue check mark woke brigade. Not sure why all the vitriol against Firefox. No public software will ever perfect or please everyone. Who do you think has your back more – Google? Apple? Microsoft? Not bloody likely. Get a grip will you. This site and comment section used to known for its courteous, thought-out contributions. Please leave the attacks and opinions for twatter and foolbook.

    1. Lord-Lestat said on November 4, 2019 at 12:27 pm
      Reply

      @Lawrence

      Let me think for a short moment… First and most important Mozilla is a greedy and jealous org which saw the loss of power user features and abandoning power users as some kind of ‘collateral damage’ – as Mozilla was thinking about ways to outsmart Google and defeat them – which worked only out in their most illusionary day-dreams.

      Also… we have Mozillas alignment with the most radical opinions and goals of the so-called ‘progressive movement’ these days.

      And last but not least – Mozilla is no longer a honest champion of the free web – what they care most for today is all about numbers – no matter if tables or quotas in whatever for a kind of way or plain market share numbers – and following Google Chrome in Mozillas quest to find a way to become the leader themselves!
      For this Mozilla has casted their own power user base aside – the kind of users who wanted unique features, made awesome full themes and add-ons which have beaten everything in direct comparison to what Mozilla offers today – creativity wise and in being so much more capable of what was able to do.

      An org which is acting that way – and still claims that they are honest and FOSS – is nothing less than spineless. Mozilla of the past earned indeed the batch to be honored, as it had visions and was fully respectable!

      What is left today of all of that is grave-robbing from their past – nothing more and nothing less and neither earns the name Mozilla or Firefox anymore.

  14. owl said on November 5, 2019 at 2:00 am
    Reply

    Let’s go back to the main topic!
    Now You: Do you use extensions that you installed locally in Firefox?

    I am using locally installed extensions with Firefox and Thunderbird.
    Example:
    ● Firefox “xpi-files”
    ・api_killer_indexeddb-1.0.3.6-an+fx.xpi
    ・brief-custom-style-dark.zip
    ● Thunderbird “xpi-files”
    ・CompactHeader-3.0.0beta1.xpi
    ・enigmail-2.1.1.1-tb.xpi
    ・enigmail-nightly-all.xpi
    ・manually_sort_folders_2.0.0pre1.xpi
    ・manually-sort-folders-201909221547.xpi

    Firefox and Thunderbird cannot implement extensions that have not been approved by Add-on Reviewers.
    However, even unapproved, there are useful extensions published on “GitHub”.
    It is also necessary to implement unapproved extensions (such as beta specifications) in tests to help develop extensions.
    Their implementation is limited to this third method.

    Careful judgment is desired so that they are not unjustly excluded.
    In other words, “Things that must not be excluded” and “Do not impose a burden on developers” should be sufficient consideration.

    Add-on Policies – Mozilla | MDN | Extension Workshop
    https://extensionworkshop.com/documentation/publish/add-on-policies/
    Add-ons/Reviewers/Guide/Reviewing | MozillaWiki
    https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing

  15. OzMerry said on November 5, 2019 at 3:58 pm
    Reply

    Since the second option listed is still going to be available, the title of the article is misleading. It’s also possible to temporarily load an extension .xpi file via about:debugging.

    Thankfully these options won’t be discontinued because one extension I use a lot was removed from AMO some time ago, but since the .xpi file was still in the profile extensions folder, it could be sideloaded after the extension disappeared following the Firefox add-on certificate expiry debacle.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.