First, a Little Backstory
Presently, Firefox supports two main kinds of add-ons. First were XUL or XPCOM add-ons, which interface directly with the browser’s internals. They are fabulously powerful, as powerful as the browser itself. However, with that power comes security risk and the likelihood that extensions will break as the browser changes.
The Add-on SDK was introduced to provide a stable abstraction API above browser internals to reduce extension compatibility issues between versions of Firefox and make it easier to review extensions for security. As the browser evolved, however, it became clear that we needed something even more robust to take us into the future.
WebExtensions is the new API for building add-ons in Firefox. It seeks to unify the extension APIs and architecture with those of other browsers in the name of interoperability and modern architecture.
The introduction of WebExtensions isn’t an arbitrary change—it stands to improve the stability and security of Firefox for users. It also has a number of advantages for developers.
Potentially the most impactful aspect of WebExtensions is that it adopts the extension architecture used by browsers built on top of Chromium, notably Chrome and Opera. Mozilla is committed to implementing a large number of the individual APIs presently available to Chrome extensions. This means that it’s possible to have one codebase for an extension that will work in Firefox, Chrome, and Opera with a minimal amount of browser-specific code.
More than Chrome Parity
While our initial API priorities are focused on allowing Chrome extensions to interoperate with Firefox, we plan to competitively and actively expand the API capabilities of WebExtensions. While we anticipate the vast majority of Firefox Add-ons can be ported to WebExtensions, if you need access to browser components not presently exposed, the Add-on SDK is still available. If your add-on or one you use and love is doing something that is not possible with Chrome extensions or the Add-on SDK, please fill out this survey to help us prioritize new APIs.
Common Functionality is Easier
Future-Proofing your Work
XPCOM/XUL add-ons are notoriously brittle, breaking whenever browser internals change. The Add-on SDK provides a more stable API surface, but has many synchronous APIs that cross between add-on contexts and web page contents. Mozilla is committed to moving Firefox to a multi-process architecture this year to increase security and stability (read more here), which will break many of these synchronous APIs. WebExtensions APIs are being implemented from the ground-up to be ready for a multi-process Firefox, using asynchronous message passing and event-driven interfaces to enable extensions to communicate with the browser and web pages.
More Secure Extensions
Because extensions built with the Add-on SDK can request XPCOM privileges, they could still introduce unintentional security and stability issues into Firefox. Even add-ons written by well-meaning developers can accidentally introduce vulnerabilities that could allow malicious code to execute with the full privileges of the browser. WebExtensions uses its
manifest.json to mitigate this by requiring add-on authors to declare up front which permissions their code will need to operate. Unlike the Add-on SDK, WebExtensions does not allow arbitrary XUL/XPCOM access, so even insecure/vulnerable code is limited to its whitelisted subset of functionality. This vastly reduces the vulnerability surface of a WebExtension, leading to faster review times and a more stable browser.
The Path Forward
We know WebExtensions is a big change, and we’re committed to helping developers prepare and adapt as we roll it out. Initial support for WebExtensions is coming in Firefox 48, and add-ons built with WebExtensions can already be submitted to addons.mozilla.org. The time is now to start experimenting and porting your add-ons! Here are some links to help you get started:
- If you’re an existing add-on author, check out this collection of resources on migrating your add-on to WebExtensions.
- If you’re the author of a Chrome extension, we have a short guide on adding Firefox support to your existing codebase.
- You can also check out this wiki to see more ways to participate in the evolution of WebExtensions.