Add-on signing in Firefox

Revision Information
  • Revision id: 102359
  • Created:
  • Creator: Joni
  • Comment: minor editing to philipp's addition
  • Reviewed: No
  • Ready for localization: No
Revision Source
Revision Content

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how add-on signing protects you against such threats.

What is add-on signing?

Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.

Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.

Developers: Learn more about add-on signing guidelines at Mozilla Developer Network.

What to do if Firefox has disabled an unsigned add-on

If any of your installed add-ons get disabled because they haven't been verified, contact the add-on developer or vendor to see if they can offer an updated and signed version of that add-on. You can also ask them to get their add-on signed by following the developer guidelines.

How does add-on signing protect me?

Newer versions of Firefox (version 40)(version 41 and above) protect you against malware and browser hijackers by warningblocking you against third-party add-ons that are not digitally signed and verified by Mozilla. To use this new feature, please update to the latest version of Firefox.

While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe. Firefox protects you by warning you when an add-on has not been verified through this signing process, but you can still install the unverified add-on at your own risk.

Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.

Firefox protects you by allowing only digitally signed or verified add-ons to be installed on your browser. While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe.

What types of add-ons need to be signed?

Extensions (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.

Where would I encounter unsigned add-ons?

Add-ons installed through the official Firefox Add-ons site undergo a rigorous review process before they are published. These add-ons are signed and verified.

When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.