Add-on signing in Firefox

Revision Information
  • Revision id: 102352
  • Created:
  • Creator: philipp
  • Comment: suggest affected users contact devs of unsigned addons
  • Reviewed: No
  • Ready for localization: No
Revision Content

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons add unwanted toolbars or buttons, change your search settings or inject ads or malware into your device. This article explains how add-on signing protects you against such threats.

What is add-on signing?

Mozilla verifies and "signs" add-ons that follow a set of guidelines to ensure that users' information will not be stolen or manipulated. All add-ons hosted on addons.mozilla.org undergo this review process in order to be verified and signed. Add-ons hosted on other sites will need to follow the same guidelines in order to be signed by Mozilla.

Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.

Developers: Learn more about add-on signing guidelines at Mozilla Developer Network.

What to do when Firefox has disabled unsigned add-ons?

If you notice in the Add-ons Manager that an extension you want to use is disabled because it could not be verified, contact its vendor or developer through their support channels to see whether they already offer an updated, signed version that is ready for use in Firefox. Otherwise, ask them to submit their add-on to Mozilla to get it signed.

How does add-on signing protect me?

Newer versions of Firefox protect you against malware and browser hijackers by warning you about (version 40) or blocking (version 41 and above) third-party add-ons that are not digitally signed and verified by Mozilla. To use this new feature, please update to the latest version of Firefox.

While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The new add-on signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe. In version 40, Firefox protects you by warning you when an add-on has not been verified through this signing process, but you can still install the unverified add-on at your own risk.

Install add-ons only from developers you trust. Unverified add-ons may contain malware or hijackers that can alter your settings and steal your information.

In version 41 and above, Firefox protects you by allowing only digitally signed or verified add-ons to be installed on your browser. While Firefox currently has a blocklist system, it is increasingly difficult to track and block the growing number of malicious add-ons. The add-on signing process requires developers to follow Mozilla Developer guidelines to ensure that their add-ons are safe.

What types of add-ons need to be signed?

Extensions (add-ons that add features to Firefox) will need to be signed. Themes, language packs and plugins do not need to be signed.

Where would I encounter unsigned add-ons?

Add-ons installed through the official Firefox Add-ons site undergo a rigorous review process before they are published. These add-ons are signed and verified.

When you install an add-on through another website, Firefox checks to make sure that the add-on has been digitally signed before you can install it.