Tips for assessing the safety of an extension

No one has helped translate this article yet. If you already know how localizing for SUMO works, start translating now. If you want to learn how to translate articles for SUMO, please start here.

When installing an extension, you may see a message asking for permission to access data or features in your browser. If so, you will have to grant this permission before the extension can install.

Also note, if you are installing an extension from a website other than (AMO), you should verify the integrity of the source.

In all cases, you should be aware of the permissions you grant to any extension you’re considering. While most extensions are created by trustworthy third-party developers, bad actors may put your security and privacy at risk by using extensions to expose sensitive browsing data. This article will guide you in evaluating the safety of an extension you are planning to install or an extension that is currently installed.

permissions request

When a developer submits an extension to, it’s scanned for a set of common issues. It may also be subject to human review. But neither of these processes guarantee that an extension is absolutely 100% safe.

With permissions messages, you can see what data and features an extension wants to access, so you can make more informed choices about the software you’re considering.

If you’re unclear how to decide on an extension’s safety, here are a few questions to ask yourself:

  • Is the extension from a brand or developer I trust?

Most extensions, however, are written by individual developers who aren't well-known. So you might therefore want to ask:

  • Is the developer’s website, their blog, or social media activity consistent with the features of the extension?

Also consider:

  • How many other users have installed this extension? Does it have a good star rating and positive reviews?

If the extension doesn't have many reviews or you're still not reassured, then consider:

  • Are the permissions requests consistent with the features of the extension?

For example, if the extension is requesting access to your location, is there a location feature included in the description of the extension? In some cases, though, it may not be obvious how certain permissions relate to a feature of the extension, so you should ask:

  • Does the extension’s website or description on include an explanation of why the extension is requesting these permissions? Is the explanation consistent with the features of the extension?

If you'd like more information about every potential permission request you may encounter, please see Permission request messages for Firefox extensions.

For an even deeper analysis:

  • Does the extension have a privacy policy? Am I comfortable with the collection and processing of my data under the terms of the policy?

After probing these questions, you'll hopefully be satisfied that the extension is requesting an appropriate set of permissions.

While the vast majority of extension developers aren't interested in stealing your personal information or doing anything nefarious, you should be aware there are occasional bad actors. Always heed caution when installing extensions or any third-party software.

To view a list of extensions officially endorsed by Mozilla through the Recommended Extensions program, click here.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands


Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More