Tips for assessing the safety of an extension
When installing an extension, you may see a message asking for permission to access data or features in your browser. If so, you will have to grant this permission before the extension can install.
Also note, if you are installing an extension from a website other than addons.mozilla.org (AMO), you should verify the integrity of the source.
In all cases, you should be aware of the permissions you grant to any extension you’re considering. While most extensions are created by trustworthy third-party developers, bad actors may put your security and privacy at risk by using extensions to expose sensitive browsing data. This article will guide you in evaluating the safety of an extension you are planning to install or extension that is currently installed.
When a developer submits an extension to addons.mozilla.org, it’s scanned for a set of common issues. It may also be subject to human review. But neither of these processes guarantee that an extension is absolutely 100% safe.
With permissions messages, you can see what data and features an extension wants to access, so you can make more informed choices about the software you’re considering.
If you’re unclear how to make a decision about an extension’s safety, here are a few questions to ask yourself:
- Is the extension from a brand or developer I trust?
Most extensions, however, are written by individual developers who aren't well-known. So you might therefore want to ask:
- Is the developer’s website, their blog, or social media activity consistent with the features of the extension?
- How many other users have installed this extension? Does it have a good star rating and positive reviews?
If the extension doesn't have many reviews or you're still not reassured, then consider:
- Are the permissions requests consistent with the features of the extension?
For example, if the extension is requesting access to your location, is there a location feature included in the description of the extension? In some cases, though, it may not be obvious how certain permissions relate to a feature of the extension, so you should ask:
- Does the extension’s website or description on addons.mozilla.org include an explanation of why the extension is requesting these permissions? Is the explanation consistent with the features of the extension?
If you'd like more information about every potential permission request you may encounter, please see Permission request messages for Firefox extensions.
For an even deeper analysis:
After probing these questions, you'll hopefully be satisfied that the extension is requesting an appropriate set of permissions.
While the vast majority of extension developers aren't interested in stealing your personal information or doing anything nefarious, you should be aware there are occasional bad actors. Always heed caution when installing extensions or any third party software.