Add-on signing in Firefox

Revision Information
  • Revision id: 101920
  • Created:
  • Creator: misibacsi
  • Comment: typo
  • Reviewed: Yes
  • Reviewed:
  • Reviewed by: heyjoni
  • Is approved? No
  • Is current revision? No
  • Ready for localization: No
Revision Source
Revision Content

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how add-on signing protects you against such threats.

What is add-on signing?

Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.

Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.

Developers: Learn more about add-on signing guidelines at Mozilla Developer Network.

How does add-on signing protect me?

Newer versions of Firefox (versions 40 and above) protect you against malware and browser hijackers by warning you againstblocking third-party add-ons that are not digitally signed and verified by Mozilla. To use this new feature, please update to the latest version of Firefox.

While Firefox currently has an blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe. Firefox protects you by warning you when an add-on has not been verified through this signing process, but you can still install the unverified add-on at your own risk.

Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.

Firefox protects you by allowing only digitally signed or verified add-ons to be installed on your browser. While Firefox currently has an blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The add-ons signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe.

What types of add-ons need to be signed?

Extensions (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.

Where would I encounter unsigned add-ons?

Add-ons installed through the official Firefox Add-ons site undergo a rigorous review process before they are published. These add-ons are signed and verified.

When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.