Compare Revisions

Firefox keeps you safe by blocking unsigned or unverified add-ons. Learn more about add-ons signing.

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. (Learn more about [[What is search hijacking? | search hijacking]].) This article explains how ''add-ons signing'' protects you against such threats. =What is add-ons signing?= Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen of manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla. Add-ons signing '''targets only malware and browser hijacking'''. It does not control or censor the content that you choose to see. {note}'''Developers:''' Learn more about add-ons signing guidelines at [https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines Mozilla Developer Network].{/note} =How does add-ons signing protect me?= {for not fx40}Newer versions of Firefox (versions 40 and above) protect you against malware and browser hijackers by {for not fx40}warning you against{/for}{for fx41}blocking{/for} third-party add-ons that are not digitally signed and verified by Mozilla. To use this new feature, please [[Update Firefox to the latest version | update to the latest version of Firefox]].{/for} {for =fx40, =m40}While Firefox currently has a [[Add-ons that cause stability or security issues are put on a blocklist |blocklist]] system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-ons signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines Mozilla Developer guidelines] to ensure that their add-ons are safe. Firefox protects you by warning you when an add-on has not been verified through this signing process, but you can still install the unverified add-on at your own risk.{/for} {for =fx40, =m40} {note}Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.{/note} {/for} {for fx41, m41}Firefox protects you by allowing only digitally signed or verified add-ons to be installed on your browser. While Firefox currently has a [[Add-ons that cause stability or security issues are put on a blocklist |blocklist]] system, it is increasingly difficult to track and block the growing number of malicious add-ons. The add-ons signing process requires developers to follow [https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines Mozilla Developer guidelines] to ensure that their add-ons are safe.{/for} =What types of add-ons need to be signed?= Extensions (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed. =Where would I encounter unsigned add-ons?= Add-ons installed through the [https://addons.mozilla.org/firefox/ official Firefox Add-ons site] undergo a rigorous review process before they are published. These add-ons are signed and verified. When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.