Hubbry Logo
Add-on (Mozilla)Add-on (Mozilla)Main
Open search
Add-on (Mozilla)
Community hub
Add-on (Mozilla)
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Add-on (Mozilla)
Add-on (Mozilla)
Add-on (Mozilla)
View on Wikipedia
from Wikipedia
Related articles
Origins and lineage
Category

For Mozilla software, an add-on is a software component that extends the functionality of the Firefox web browser and related applications – although most are browser extensions. Mozilla provides add-ons to users via its official add-on website.[1]

In 2017, Mozilla enacted major changes to the application programming interface (API) for extensions in Firefox, replacing the long-standing XPCOM-based add-on APIs with the WebExtensions API that is modeled after Google Chrome's API.[2][3][4] Thus add-ons that remain compatible with Firefox are now largely compatible with Chrome as well.[5] As of January 2024, there are more than 36,000 add-ons and over 495,000 themes available for Firefox.[6][7]

Add-ons categories

[edit]

Themes

[edit]

Early versions of Firefox supported themes that could greatly change the appearance of the browser, but this was scaled back over time. Current themes are limited to changing the background and text color of toolbars,[8] formerly called personas, now called Firefox Themes.[9]

WebExtensions

[edit]

Starting with Firefox 57, only the new WebExtensions API is supported for extensions; relegating the older extension technology as legacy.[3][10]

Legacy extensions

[edit]

Prior to 2017, Firefox supported extensions developed via various APIs: XUL, XPCOM, and Jetpack.[11] Mozilla now refers to these as legacy extensions.[4]

Plug-ins

[edit]

Plug-ins are no longer supported in Firefox. In the past, they were used to handle media types for which the application did not have built-in capability. They were deprecated due to security concerns and improvements in Web APIs.[12] The last one that was officially supported was Adobe Flash Player, which Adobe discontinued in 2020.[13][14]

Security

[edit]

Mozilla had no mechanism to restrict the privileges of legacy Firefox extensions. This meant that a legacy extension could read or modify the data used by another extension or any file accessible to the user running Mozilla applications.[15] But the current WebExtensions API imposes security restrictions.[16]

Starting with Firefox 40, Mozilla began to roll out a requirement for extension signing.[17] It is now required in all official Firefox releases.[18]

Website

[edit]

The Mozilla add-ons website is the official repository for Firefox add-ons.[1] In contrast to mozdev.org which provides free hosting for Mozilla-related projects, the add-ons site is tailored for users. By default, Firefox automatically checks the site for updates to installed add-ons.[19]

Key Information

In January 2008, Mozilla announced that the site had accumulated a total of 600 million add-on downloads and that over 100 million installed add-ons automatically check the site for updates every day.[20] In July 2012, the total had increased to 3 billion downloads from the site.[21]

References

[edit]
[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Add-on (Mozilla)

View on Grokipedia
from Grokipedia
In the context of , an add-on is a software component designed to extend and customize the functionality and appearance of the . These include extensions, which add practical features such as , password protection, tab management, and enhancements, and themes, which modify the browser's visual with colors, images, or layouts to suit user preferences. Add-ons are likened to applications for the browser, enabling users to make browsing faster, safer, more productive, or simply more enjoyable by integrating seamlessly with Firefox's core capabilities. Mozilla add-ons are developed using standard web technologies—HTML, CSS, and JavaScript—primarily through the cross-browser WebExtensions API, which was introduced in 2015 to standardize extension creation and facilitate compatibility with other browsers like Chrome and Edge. Developers submit add-ons for review and digital signing by Mozilla to ensure security and compliance with policies that prioritize user privacy, transparency, and avoidance of harmful practices. Once approved, add-ons are distributed mainly via the official Mozilla Add-ons website (addons.mozilla.org), where users can search, install, and manage them directly from Firefox, with automatic updates to maintain compatibility and security. The add-on ecosystem traces its origins to the early development of Firefox's predecessors, with the first rudimentary extension support appearing in Phoenix 0.2 around 2002, followed by a dedicated manager in 0.9 in 2004. Over time, features evolved to include unified management in 2.0 (2006), plugin integration and direct downloads in 3.0 (2008), and mandatory signing enforcement starting with 43 in December 2015 to combat malicious extensions. The shift to WebExtensions marked a pivotal modernization, phasing out legacy XUL-based add-ons by 2017 to promote a more secure, performant, and developer-friendly platform while preserving 's commitment to user customization.

Overview

Definition and Purpose

Mozilla add-ons include extensions and themes, which are software components that extend and customize the functionality of and other applications, such as Thunderbird, by integrating additional features built with web technologies including , CSS, and . These add-ons enable users to enhance their browsing experience in ways that go beyond the browser's default capabilities, supporting a wide range of applications from personal customization to professional workflows. The primary purposes of Mozilla add-ons include modifying the for better , adding new features such as ad-blocking to reduce distractions or password management to streamline secure logins, and integrating with external web services to expand browser interactions. They provide tools for , like tab organization to manage multiple sessions efficiently, and enhancements, such as privacy controls that isolate browsing activities to prevent tracking. By allowing these modifications, add-ons empower users to tailor to specific needs, making web browsing faster, safer, and more personalized. Unlike built-in browser features pre-shipped by , add-ons are user-installable and primarily developed by the community, fostering innovation through open contribution and distribution via platforms like addons.mozilla.org. Over time, add-ons have evolved from early plug-in models, which relied on less secure native code interfaces like , to modern standards such as WebExtensions, emphasizing cross-browser compatibility and improved security through sandboxed web-based execution.

Historical Development

Mozilla add-ons originated in early Firefox previews around 2002, with stable support introduced in 1.0 on November 9, 2004, which introduced extension support through the framework for user interfaces and XPCOM for cross-platform components, enabling developers to extend browser functionality with JavaScript-based overlays. This foundational system allowed for lightweight, task-specific additions that integrated seamlessly with the browser's architecture. Themes were introduced around 2004 alongside early extensions. Between 2006 and 2010, the add-on ecosystem expanded rapidly, driven by the popularity of security-focused extensions like Adblock Plus, first released in 2006, and NoScript, which gained prominence by 2009 amid high-profile developer interactions that underscored their widespread use among millions of users. In August 2015, Mozilla announced the WebExtensions API as a standardized framework inspired by Chrome's extension model, aiming to improve cross-browser compatibility and simplify development while phasing out legacy XUL and XPCOM dependencies. The API debuted experimentally in Firefox 45 in December 2015 and became the required standard for new extensions by November 2017. From 2017 to 2021, deprecation accelerated: NPAPI plug-ins, used for legacy content like Java and Silverlight, were fully disabled in Firefox 52 on March 7, 2017, except for Flash, which ended later. Stricter enforcement of add-on signing, mandatory since Firefox 40 in 2015, continued with policy updates in May 2019 to enhance review and blocking of unverified or malicious extensions to bolster security. Recent updates from 2022 to 2025 have emphasized and , with mandatory digital signing required for all add-ons distributed via Mozilla's platform to prevent tampering. introduced Manifest V3 support starting in late 2022, aligning with Chrome's API for better performance and privacy controls, with ongoing support for both Manifest V2 and V3, even as phases out V2 in Chrome by mid-2025. Mozilla's privacy policies, influenced by regulations like the EU's GDPR (effective since May 2018), now mandate explicit data collection disclosures in extension manifests for new submissions effective November 3, 2025. A pivotal event was Mozilla's 2020 roadmap outlining the sunset of legacy extensions in standard releases by 109 in January 2023, prompting adaptations such as uBlock Origin's successful transition to WebExtensions while retaining core features.

Types of Add-ons

Themes

Themes are a category of lightweight add-ons for Firefox that enable users to customize the browser's visual appearance, such as colors, background images, designs, and icons, without altering core functionality or adding interactive features. These modifications focus exclusively on aesthetics, allowing personalization of the to match user preferences, system themes, or needs. Firefox supports two primary historical types of themes: complete themes, which provided a full overhaul of the browser's including menus, tabs, and layout elements, and lightweight themes (formerly known as Personas), which are more restricted and primarily change the background , toolbar colors, and header area. Complete themes, introduced in early versions around 2007, offered extensive customization but were deprecated in favor of lighter alternatives due to compatibility issues with modern updates; as of 2025, they are no longer supported, with built-in options like , , and serving as replacements for basic UI overhauls. Lightweight themes remain the standard, developed using the WebExtensions API to apply static or dynamic visual changes without impacting performance. The development of themes dates back to 2007 with initial support for complete themes in , but lightweight themes were formally introduced in Firefox 3.6 in 2010 as a simpler way to apply visual skins. Over time, evolved the format to align with WebExtensions standards, where themes are defined using a that specifies colors, images, and properties like toolbar and accent hues, without requiring CSS files for basic implementations. This shift, completed by around 2017, emphasized compatibility and ease of distribution, allowing themes to be installed directly from the Add-ons Website. As of November 2025, over 15,000 themes are available on the Add-ons site, spanning categories like seasonal designs, solid colors, and custom patterns created via tools such as Color for accessibility-focused options like high-contrast or inverted schemes. Popular examples include dynamic themes that adjust based on time of day or site-specific visuals, enhancing without functional extensions. A key limitation of themes is their lack of scripting capabilities or access to broader browser APIs, restricting them to declarative changes in appearance only—such as predefined colors and images—to ensure security and stability. This design prevents themes from interacting with web content, tabs, or user data, differentiating them from full extensions and keeping them focused purely on aesthetic customization.

WebExtensions

WebExtensions represent the modern standard for developing browser extensions in , introduced by in 2015 to enable cross-browser compatibility with browsers such as Chrome and Edge. This API framework is built primarily on web technologies including , CSS, and , allowing developers to create extensions that modify browser behavior without relying on proprietary Mozilla-specific code. The initial stable implementation arrived with 45 in early 2016, marking a shift toward standardized extension development that prioritizes portability and security. Key features of WebExtensions include the manifest.json file, which defines the extension's structure, permissions, and capabilities. Prior to 2025, most extensions used Manifest Version 2 (V2), which supported persistent background pages for ongoing tasks; however, starting in 2023, began transitioning to Manifest Version 3 (V3) for enhanced security and performance, replacing background pages with event-driven service workers. The permissions system operates on a scoped model, requiring explicit user approval for access to sensitive areas like tabs, storage, or web requests, thereby minimizing potential privacy risks. Common use cases for WebExtensions involve injecting content scripts to modify elements, displaying browser action popups for user interfaces, and integrating with APIs such as storage.sync for synchronized data across devices. These capabilities enable functionalities like ad blocking, privacy enhancements, and productivity tools. By 2025, following the full disablement of legacy add-ons in 2018, the overwhelming majority of active Firefox extensions—over 36,000 listed on the official add-ons site—utilize the WebExtensions format. Prominent examples include , a content blocker that filters network requests, and , which automatically learns to block tracking domains. Advantages of WebExtensions include simplified porting to other browsers due to API alignment with Chrome's extension model, eliminating the need for knowledge of Mozilla's legacy XUL framework. This standardization has facilitated broader developer adoption and maintenance across ecosystems.

Legacy Extensions

Legacy extensions in Mozilla Firefox refer to add-on formats that relied on XUL (XML User Interface Language) and XPCOM (Cross-Platform Component Object Model) for deep integration with the browser's core functionality, allowing developers to create highly customized user interfaces and access low-level APIs. These extensions were introduced alongside early versions of Firefox starting in 2004, enabling advanced features like custom overlays and direct manipulation of browser components that were not possible in later formats. During their peak usage from 2004 to approximately 2015, legacy extensions powered a wide array of sophisticated tools, including the popular debugging add-on, which facilitated live editing of , CSS, and until its discontinuation in 2017 with the release of 57. This era saw thousands of extensions leveraging and XPCOM to enhance developer productivity and user customization, forming the backbone of Firefox's extension ecosystem before the shift to more standardized APIs. Mozilla began deprecating legacy extensions with the announcement in 2015, culminating in Firefox 57 (released November 2017), which disabled support for new installations and marked them as incompatible in standard releases. Existing installations continued to function temporarily in Extended Support Release (ESR) versions up to ESR 52, whose support ended in September 2018, after which all legacy add-ons were disabled on addons.mozilla.org. Temporary re-enablement options via configuration flags, such as extensions.legacy.enabled, were available in post-57 versions but were phased out by 2023 as part of ongoing compatibility hardening. The phase-out was driven by security vulnerabilities inherent in the format's privileged access to browser internals, which increased risks of exploits and ; the high maintenance burden of supporting outdated and XPCOM code amid evolving browser architectures; and Mozilla's commitment to web standards through the WebExtensions API for better cross-browser compatibility and performance. risks were amplified in legacy extensions due to their ability to bypass sandboxing, unlike the isolated execution model of modern alternatives. As of 2025, legacy extensions are no longer supported in standard releases and can only be used in community-maintained forks like , which preserve /XPCOM compatibility for users needing older add-ons. provides official migration guides to port legacy extensions to WebExtensions, including tools for data transfer and mapping to ease the transition for developers.

Plug-ins

Plug-ins in the context of Mozilla products are native code modules that utilize the Plugin Application Programming Interface (), enabling the browser to load and render specialized content such as multimedia elements or external applications, including animations and applets. These binary components extend browser capabilities by executing outside the standard web rendering engine, allowing for hardware-accelerated processing of formats not natively supported by at the time. During the 1990s and 2010s, plug-ins were essential for delivering rich media experiences prior to the maturation of , filling gaps in browser-native support for interactive and dynamic content. A key example is , which powered much of the web's video, animation, and gaming content and remained supported in until its official end-of-life on December 31, 2020. Mozilla began deprecating NPAPI plug-ins to address security vulnerabilities and performance issues, starting with the enforcement of click-to-play in 23 (released in August 2013), which required users to manually activate plug-ins on a per-site basis. This progressed to the complete disablement of all NPAPI plug-ins except Flash in 52 (March 2017), and following Flash's discontinuation, full removal of NPAPI support in 85 (January 2021). Contemporary alternatives have rendered plug-ins obsolete, with HTML5 providing built-in standards for embedding and playing video and audio directly in the browser without external dependencies. For computationally intensive tasks once managed by plug-ins, offers a portable, secure binary format that runs at near-native speeds within the browser's sandboxed environment. By 2025, plug-ins remain entirely unsupported across all products, including and its derivatives, with any legacy deployment restricted to enterprise settings via custom or extended support builds.

Security and Privacy

Vulnerabilities and Risks

Malicious add-ons in Mozilla Firefox pose significant security threats primarily through excessive permissions that enable theft, such as accessing browsing history, , and form without user consent. For instance, extensions requesting broad permissions like "read and change all your on all websites" can intercept sensitive , leading to theft and privacy violations. Supply-chain attacks further exacerbate these risks, where attackers compromise developer accounts to inject into legitimate extensions. In August 2025, Mozilla warned of an active campaign targeting add-on developer accounts on AMO, potentially enabling supply-chain attacks. Historical incidents highlight the evolution of these vulnerabilities. In 2015, multiple exploits in the plug-in, integrated as a legacy add-on component, allowed remote code execution and were addressed by Mozilla temporarily blocking the plugin across Firefox versions. Similarly, in early 2020, Mozilla banned 197 malicious add-ons from its store after discovering they engaged in unauthorized and ad injection, many of which had evaded initial reviews due to lax signing enforcement prior to stricter mandates. Key risk factors include over-privileged access in legacy extensions, which granted full browser privileges like arbitrary file reads and XPCOM API usage, enabling severe exploits such as system-level injection. attacks via fake add-ons distributed on third-party sites also proliferate, tricking users into unsigned extensions that bypass Mozilla's official safeguards. These vulnerabilities impact users through data breaches exposing personal information, performance degradation from resource-intensive malicious scripts, and browser crashes induced by unstable code. In 2025, campaigns like FoxyWallet involved over 40 malicious WebExtensions impersonating cryptocurrency wallets, potentially affecting thousands by stealing private keys. Studies indicate that while exact annual flagging rates vary, Mozilla's review process identifies and removes hundreds of suspicious add-ons yearly, with obfuscated code in about 5-10% of submissions raising red flags. Risks differ by add-on type: themes present low threats, limited to cosmetic changes without executable code or permissions. In contrast, WebExtensions carry higher risks due to their scripting capabilities for dynamic content manipulation, though sandboxing and permission scoping mitigate some exposures compared to legacy formats.

Mitigation and Best Practices

Mozilla has implemented robust measures to mitigate security risks associated with add-ons. Mandatory digital signing was fully enforced starting with 48 in May 2016 for release and beta channels, following a phased rollout beginning in late 2015, ensuring that only verified code can run and helping to prevent the distribution of tampered or malicious software. Additionally, every add-on submission to the (AMO) undergoes automated review using tools like the addons-linter for validation checks and the AMO validator for detecting potential security vulnerabilities, badware, and policy violations through static analysis. The AMO moderation team further enforces these standards by actively removing malicious add-ons to maintain ecosystem integrity. As of November 3, 2025, new extensions must declare in their manifest whether they collect or transmit , promoting greater transparency. Users play a critical role in add-on security by following best practices to minimize exposure to threats like permission abuse. It is recommended to install add-ons exclusively from the official AMO website, where they undergo rigorous , rather than from untrusted third-party sources that may distribute unsigned or compromised versions. Before approving an installation, users should carefully the requested permissions to ensure they align with the add-on's stated purpose and do not grant unnecessary access to sensitive data or browser functions. also features a built-in blocklist mechanism that automatically detects and disables add-ons flagged as risky based on Mozilla's ongoing monitoring and reports, providing an additional layer of protection without user intervention. Technical safeguards inherent to modern add-on architectures further reduce potential harms. WebExtensions, the current standard for add-ons, operate within a sandboxed environment that isolates extension code from core browser processes and other tabs, limiting the impact of any exploited vulnerabilities. Add-ons receive automatic updates by default, ensuring that security patches and fixes are applied promptly to address newly discovered issues without relying on manual user action. The adoption of Manifest V3 further enhances these protections by replacing persistent background scripts with non-persistent service workers, thereby reducing the opportunities for extensions to maintain indefinite access to user data or system resources. For enterprise environments, provides tools to enforce stricter controls over add-on usage. Administrators can configure objects (GPOs) in Windows to whitelist specific add-ons by their unique identifiers, blocking all others from installation or execution and ensuring compliance with organizational security policies. The combined impact of these mitigation strategies has proven effective in reducing malicious add-on infections.

Distribution and Management

Add-ons Website

The Add-ons website, known as addons.mozilla.org (AMO), serves as the official central repository for discovering, distributing, and managing Mozilla add-ons. Launched on March 27, 2007, it provides a unified platform for users to browse and install extensions, themes, and other compatible add-ons for and related products. AMO hosts a wide range of add-ons, encompassing functionalities from tools to enhancers. Key features of AMO include advanced search capabilities that allow users to query add-ons by keywords, functionality, or compatibility; user ratings and reviews, which provide feedback on performance and reliability; and categorized browsing sections such as Privacy & Security, , and to facilitate discovery. Developers benefit from a dedicated Developer Hub dashboard, where they can submit new add-ons, manage updates, track performance metrics, and respond to user feedback. The site also supports mobile users through a dedicated section for extensions, enabling seamless browsing and installation on mobile devices. AMO employs a tiered review process to ensure add-on quality and security: listed add-ons submitted for hosting on the site undergo full human review, including code inspection and , while self-hosted (unlisted) add-ons receive automated signing with potential post-publication audits if issues arise. Approval times for submissions can vary based on queue volume and . Integration with Mozilla accounts allows users to sync their installed add-ons across devices, enhancing portability and management. Platform policies emphasize user trust and openness, prohibiting paid promotions or sponsored placements to maintain an unbiased discovery experience, while strongly encouraging developers to release add-ons under open-source licenses such as the . As of November 2025, all new extensions must disclose if they collect or transmit , with existing extensions required to comply by mid-2026.

Installation and Compatibility

Add-ons for Mozilla products are primarily installed through the official Add-ons for Firefox website (AMO), where users can discover and add extensions or themes with a one-click approval process after reviewing permissions. This method ensures signed add-ons are securely downloaded and integrated into , with automatic updates handled by the browser. For local installations, users can a .xpi file into the Add-ons Manager window or use the "Install Add-on From File" option under the gear , allowing manual addition of downloaded packages. Sideload installation, often used by developers for testing, involves loading temporary add-ons via the about:debugging page by selecting "Load Temporary Add-on" and choosing a file from the extension directory; these are not permanent and are removed on browser restart unless using developer editions or tools like web-ext for ongoing development. Permanent sideload of unsigned add-ons has been disabled by default in release versions of since 2019, requiring submission to AMO for signing to enable distribution and updates. Compatibility is centered on for desktop and mobile, where add-ons must declare version requirements in their manifest.json file using keys like strict_min_version to ensure they run only on supported browser releases; for example, Manifest V3 add-ons require at least Firefox 109. Thunderbird offers partial support for WebExtensions add-ons, installed similarly through its Add-ons Manager, though not all Firefox-specific APIs are available. Cross-version support for WebExtensions extends back to Firefox 45, enabling broad compatibility across releases, while themes have been universally applicable since Firefox 4, adapting to interface changes without version restrictions. Common troubleshooting issues include conflicts with , which may block installations as unverified; users can resolve this by adding exceptions in 's Privacy & Security settings or temporarily disabling the antivirus during install. Update failures often stem from version incompatibilities, fixable by updating or selecting compatible add-on versions from AMO, while multi-profile management allows isolating add-ons per profile via the Profile Manager to avoid conflicts. As of 2025, Android installations occur directly via the Firefox app's Add-ons Manager, where users browse addons.mozilla.org/android, select an extension, and confirm permissions for integration. Legacy extensions receive no support in Extended Support Release (ESR) versions post-2023, as compatibility ended with ESR 52 in 2018, with subsequent ESR releases like 115 focusing solely on WebExtensions. During installation from AMO, Firefox prompts users to review permissions to maintain security.

Development

Creation Process

Creating a Mozilla add-on, primarily through the WebExtensions framework, requires developers to have a foundational knowledge of web technologies such as , , and CSS. Familiarity with command-line tools and text editors is also beneficial for efficient development. To begin, developers must create a Account, which is necessary for accessing developer tools and submitting add-ons to the Add-ons Mozilla Organization (AMO) site. The development process starts with initializing a project directory and using the web-ext (CLI) tool, which automates much of the workflow for building, testing, and packaging extensions. Developers define the core configuration in a manifest.json file, specifying metadata like the add-on's name, version, permissions, and content scripts that leverage WebExtensions APIs for functionality. Local testing follows, where the extension is loaded temporarily into via the about:debugging page or by running web-ext run, allowing developers to iterate on features in a live browser environment with an empty profile to avoid interference from other extensions. Once tested, the extension is packaged using web-ext build to create a .zip file, which can then be signed into a .xpi format via web-ext sign for distribution. Submission to AMO involves uploading the signed .xpi file through the developer dashboard after logging in with a Mozilla Account. Developers have two main options: self-distribution, where the add-on is signed but not listed on AMO for public discovery, or full listing on AMO, which requires a comprehensive review for compliance with Mozilla's policies to enable featured placement and broader visibility. Additionally, as of November 3, 2025, all new extensions must specify in the manifest whether they collect or transmit personal data. For add-ons that collect user data, a privacy policy is mandatory, detailing what data is gathered, how it is used, and any transmission to third parties; this must be provided during submission and is verified as part of the review. The web-ext tool, installed via Node.js (requiring the current LTS version), handles linting with web-ext lint to check for errors and ensures compatibility. Note that the legacy Add-on SDK, once used for extension development, was deprecated in November 2017, with Mozilla now focusing exclusively on WebExtensions. From prototyping to approval, the full typically takes 1-2 weeks, depending on the and whether manual review is triggered; automated signing can occur within 24 hours, but full reviews for listed add-ons may extend to several days or more if issues arise. Updates to approved add-ons are pushed automatically via AMO, streamlining maintenance after initial submission.

APIs and Standards

Mozilla add-ons, built using the WebExtensions framework, primarily utilize the browser.* namespace for core APIs that enable interaction with browser functionality. This namespace provides asynchronous, Promise-based methods for various operations, ensuring cross-browser compatibility when paired with polyfills. For instance, the browser.tabs API allows developers to manage tabs by querying active tabs, creating new ones, updating their properties, or removing them, which is essential for extensions handling navigation or multi-tab workflows. Similarly, the browser.storage API facilitates data persistence through key-value stores, supporting local, synced, or session-based storage with change listeners, allowing extensions to save user preferences or state across sessions without relying on external servers. WebExtensions adhere to evolving standards, with support for Manifest V3 introduced in 109 in 2023, while Manifest V2 remains supported alongside it, introducing service workers to replace persistent background pages for improved performance and security. In Manifest V3, the background key specifies a service worker script (e.g., "background": {"service_worker": "background.js"}), which runs on demand rather than continuously, supported in from version 109 released in January 2023. The declarativeNetRequest API, also part of Manifest V3, enables network modifications like ad-blocking through declarative rules without injecting scripts into web pages, reducing security risks and improving efficiency; it is declared in the manifest via the "declarative_net_request" key and was fully supported in 113 from May 2023. The permissions model in WebExtensions requires developers to declare necessary permissions upfront in the manifest.json file to access sensitive APIs or host resources, promoting transparency and user control. Host and content permissions, such as match patterns for specific domains (e.g., "<all_urls>" or "*://example.com/*"), are specified under host_permissions in Manifest V3 or permissions in V2, granting capabilities like injecting content scripts or accessing tab metadata only for approved sites. Runtime checks occur during installation, where users are prompted to review and approve permissions, and post-install, the browser enforces these limits to prevent unauthorized access or abuse, with options like the activeTab permission providing temporary, user-initiated access to the current tab. Advanced features support innovation and compatibility in add-on development. The webextension-polyfill library enables seamless use of the browser.* namespace in Chrome-based browsers, which natively use chrome.*, by providing a unified Promise-based and ensuring legacy extensions can migrate without major rewrites; it is available via or and integrates directly into extension scripts. For testing beta or emerging , developers can leverage experimental implementations through browser flags or proposals, though formal experiments have evolved into integrated API previews aligned with ongoing standardization efforts. Mozilla provides privacy-focused APIs within the browser.privacy namespace to give users and developers greater control over data handling. The browser.privacy.network property, for example, allows extensions to query and modify network-related privacy settings, such as enabling or disabling WebRTC IP handling policies, via BrowserSetting objects that reflect current configurations. These updates align WebExtensions more closely with W3C standards through the WebExtensions Community Group, established in 2021 by major browsers including , to standardize extension APIs and ensure future-proofing across platforms.

References

  1. https://support.mozilla.org/en-US/kb/find-and-install-add-ons-add-features-to-firefox
  2. https://addons.mozilla.org/en-US/firefox/extensions/
  3. https://addons.mozilla.org/en-US/firefox/themes/
  4. https://addons.mozilla.org/en-US/firefox/
  5. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions
  6. https://extensionworkshop.com/documentation/publish/add-on-policies/
  7. https://wiki.mozilla.org/Add-ons/Extension_Signing
  8. https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox
  9. https://www.oxymoronical.com/blog/2010/07/History-of-the-Add-ons-Manager/
  10. https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/
  11. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons
  12. https://developer.mozilla.org/en-US/Add-ons/AMO/Policy
  13. https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/52
  14. https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/57
  15. https://www-archive.mozilla.org/projects/firefox/extensions/obsolete/extensions.html
  16. https://arstechnica.com/information-technology/2005/09/linux-20050907/
  17. https://blog.adblockplus.org/blog/the-semi-authoritative-semi-complete-history-of-the-adblock-plus-project
  18. https://blog.mozilla.org/addons/2015/12/21/webextensions-in-firefox-45-2/
  19. https://support.mozilla.org/en-US/kb/npapi-plugins
  20. https://blog.mozilla.org/addons/2019/05/02/add-on-policy-and-process-updates/
  21. https://blog.mozilla.org/addons/2024/05/14/manifest-v3-updates/
  22. https://blog.mozilla.org/en/firefox/firefox-manifest-v3-adblockers/
  23. https://blog.mozilla.org/addons/2025/10/23/data-collection-consent-changes-for-new-firefox-extensions/
  24. https://extensionworkshop.com/documentation/develop/manifest-v3-migration-guide/
  25. https://support.mozilla.org/en-US/kb/use-themes-change-look-of-firefox
  26. https://www.firefox.com/en-US/features/customize/
  27. https://blog.mozilla.org/addons/2017/02/24/improving-themes-in-firefox/
  28. https://support.mozilla.org/en-US/kb/built-themes-firefox-alternative-complete-themes
  29. https://extensionworkshop.com/documentation/themes/static-themes/
  30. https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/3.6/Updating_themes
  31. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/theme
  32. https://extensionworkshop.com/documentation/themes/
  33. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json
  34. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_first_WebExtension
  35. https://blog.mozilla.org/addons/2018/08/21/timeline-for-disabling-legacy-firefox-add-ons/
  36. https://browserbeast.com/browser-extension-installation-habits-and-market-size/
  37. https://extensionworkshop.com/documentation/develop/about-the-webextensions-api/
  38. https://yoric.github.io/post/why-did-mozilla-remove-xul-addons/
  39. https://www.zdnet.com/home-and-office/networking/mozilla-changes-firefox-apis-developers-unhappy/
  40. https://hacks.mozilla.org/2017/10/saying-goodbye-to-firebug/
  41. https://blog.mozilla.org/addons/2017/10/03/legacy-add-on-support-on-firefox-esr/
  42. https://github.com/Rob--W/enablelegacy-firefox-addons
  43. https://palant.info/2015/08/23/missing-a-rationale-for-webextensions/
  44. https://itsfoss.com/waterfox-browser/
  45. https://bestreviews.net/waterfox-reviews/
  46. https://blog.mozilla.org/addons/2017/01/20/migrating-to-webextensions-port-your-stored-data/
  47. https://blog.mozilla.org/addons/2017/03/17/migrating-webextensions-dont-forget-users/
  48. https://www.computerhope.com/jargon/n/npapi.htm
  49. https://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html
  50. https://support.mozilla.org/en-US/kb/end-support-adobe-flash
  51. https://www.ghacks.net/2020/11/16/firefox-84-will-be-the-last-version-with-npapi-plugin-support/
  52. https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
  53. https://cheatsheetseries.owasp.org/cheatsheets/Browser_Extension_Vulnerabilities_Cheat_Sheet.html
  54. https://support.mozilla.org/en-US/kb/tips-assessing-safety-extension
  55. https://blog.mozilla.org/addons/2025/08/01/warning-phishing-campaign-detected/
  56. https://www.theregister.com/2015/07/14/firefox_blocks_flash/
  57. https://latesthackingnews.com/2020/01/28/mozilla-bans-197-malicious-firefox-add-ons-amidst-crackdown/
  58. https://courses.csail.mit.edu/6.857/2018/project/srilayab-tsmith12-felicity-FFExt.pdf
  59. https://www.theregister.com/2025/08/04/mozilla_add_on_phishing/
  60. https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html
  61. https://arxiv.org/html/2503.04292v2
  62. https://support.mozilla.org/en-US/kb/recommended-extensions-program
  63. https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing
  64. https://github.com/mozilla/amo-validator
  65. https://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist
  66. https://extensionworkshop.com/documentation/develop/build-a-secure-extension/
  67. https://support.mozilla.org/en-US/kb/how-update-add-ons
  68. https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows
  69. https://mozilla.github.io/policy-templates/
  70. https://blog.mozilla.org/press/2007/03/mozilla-launches-new-firefox-add-ons-web-site/
  71. https://addons.mozilla.org/en-US/developers/
  72. https://addons.mozilla.org/en-US/android/
  73. https://extensionworkshop.com/documentation/publish/submitting-an-add-on/
  74. https://support.mozilla.org/en-US/kb/access-your-add-ons-firefox-accounts
  75. https://www.mozilla.org/en-US/about/legal/amo-policies/
  76. https://extensionworkshop.com/documentation/publish/firefox-add-on-distribution-agreement/
  77. https://support.mozilla.org/en-US/kb/find-and-install-add-ons-add-features-firefox
  78. https://support.mozilla.org/en-US/kb/unable-install-add-ons-extensions-or-themes
  79. https://extensionworkshop.com/documentation/develop/temporary-installation-in-firefox/
  80. https://support.mozilla.org/en-US/kb/installing-addon-thunderbird
  81. https://support.mozilla.org/en-US/kb/troubleshoot-issues-related-to-add-ons
  82. https://support.mozilla.org/en-US/kb/find-and-install-add-ons-firefox-android
  83. https://blog.mozilla.org/futurereleases/2025/09/04/firefox-esr-115-support-for-windows-7-8-and-8-1-and-old-mac-os-versions-extended-until-march-2026/
  84. https://extensionworkshop.com/documentation/develop/getting-started-with-web-ext/
  85. https://extensionworkshop.com/documentation/publish/signing-and-distribution-overview/
  86. https://discourse.mozilla.org/t/need-clarification-about-sdk-extensions-deprecation-consequences/16439
  87. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/tabs
  88. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage
  89. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/background
  90. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/declarative_net_request
  91. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions
  92. https://github.com/mozilla/webextension-polyfill
  93. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy/network
  94. https://www.w3.org/community/webextensions/
Add your contribution
Related Hubs
User Avatar
No comments yet.