Add-on signing in Firefox

Firefox Firefox છેલ્લે સુધારાયેલ: 1 week, 1 day ago 38% of users voted this helpful
Our volunteers are working on translating this article. Until it's ready, maybe the English version can be of some help. If you want to help us translate articles like this one, please click here.

Firefox requires that most add-ons be digitally signed by Mozilla before they can be installed. This process helps protect you against malicious add-ons that could hijack your browser, steal information, or insert unwanted ads.

We know some users feel this limits their freedom of choice. While the policy isn’t optional in standard Firefox releases, you still have control over which signed add-ons to install, and developers have clear guidelines for getting their add-ons signed.

This article explains:

  • Why add-on signing is enforced
  • Which add-ons need signing
  • What happens if an add-on is unsigned
  • Options for advanced users and developers

Add-ons that can change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons can add unwanted toolbars or buttons, change your search settings or inject ads into your computer. Firefox does now verify that the add-ons you install have been signed by Mozilla, digitally. This article explains the add-on signing feature and how it works.

What is add-on signing?

Add-ons give Firefox powerful customization options. But in recent years, malicious or deceptive add-ons have become more common. These could:

  • Change your homepage or search settings without consent
  • Insert ads, trackers, or toolbars into pages
  • Steal browsing data or login credentials

To reduce these risks, Mozilla verifies add-ons and applies a digital signature. Only signed add-ons can run in Firefox release builds. All add-ons hosted on addons.mozilla.org have to go through this process in order to be signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.

Developers: To learn more about the add-on signing guidelines, see Signing and distributing your add-on and Review Policies at MDN Web Docs.

Which add-ons need to be signed

The following must be signed:

The following do not require signing:

  • Plugins
  • Search engines

What happens if you install an unsigned add-on

  • Firefox will block installation of unsigned add-ons.
  • If you already have one installed, Firefox will disable it automatically and display a message in the Add-ons Manager.
  • If a signed version exists, you can reinstall it from the official Firefox Add-ons site.

If Firefox disables your add-ons

  1. Check for updates: Make sure you are running the latest version of Firefox. An outdated version may fail to verify add-ons.
  2. Look for signed versions: Visit addons.mozilla.org (AMO) to see if the developer has published an updated version.
  3. Contact the developer: If no signed version exists, you can reach out to the developer and request they submit their add-on for signing.

What are my options if I want to use an unsigned add-on? (advanced users)

Warning: These instructions are for experienced Firefox users. Changing settings in the Configuration Editor (about:config) can have serious effects on your browser’s stability, security and performance.
Only proceed if you are comfortable with advanced settings and understand the potential impacts.
Standard Firefox versions do not allow unsigned add-ons. However, there are special versions of Firefox that offer more flexibility:

  • Firefox Extended Support Release (ESR): Some versions allowed overrides, but most recent ESR releases also enforce signing.
  • Firefox Developer Edition and Nightly: You can disable signing checks here for testing.
  • Unbranded Firefox builds: These versions allow disabling signature enforcement, but they are primarily intended for developers and organizations.

To change the signature enforcement preference in supported builds:

  1. In the address bar, type about:config and press Enter.
  2. Click Accept the Risk and Continue.
  3. Search for:
    • xpinstall.signatures.required (extensions)
    • extensions.langpacks.signatures.required (language packs)
  4. Toggle the setting to False.

For developers

If you are an add-on developer:

User autonomy and Mozilla’s philosophy

We understand some users feel strongly that they should be able to install any software on their computer. Mozilla balances that autonomy with the responsibility to protect most users from harmful add-ons.

While unsigned add-ons aren’t supported in release builds, advanced users and developers can still use special Firefox versions to bypass signing. This approach protects the majority of users while still leaving flexibility for those who want it.

Related articles

These fine people helped write this article:

AliceWyman, philipp, Underpass, Tonnes, misibacsi, TyDraniu, Mozinet, lizhenry, Joni, Artist, drew.ray, jdc20181, Caitlin Neiman, Zppix, Mark Heijl, Rob Wu, Flavius Floare
Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More