Categories: end users

Understanding Extension Permission Requests

An extension is software developed by a third party that modifies how you experience the web in Firefox. Since they work by tapping into the inner workings of Firefox, but are not built by Mozilla, it’s good practice to understand the permissions they ask for and how to make decisions about what to install. While rare, a malicious extension can do things like steal your data or track your browsing across the web without you realizing it.

We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the release of Firefox 57 last fall. The new APIs limit an extension’s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a review process that is designed to make it difficult for malicious developers to publish extensions. Nevertheless, these systems cannot guarantee that extensions will be 100% safe.

Here’s where you come in

We want to make it easier for you to make informed decisions about the extensions you install, by providing transparency about what individual extensions can do. Since transitioning to the WebExtensions API, we have been displaying a permissions message corresponding to the extension you are installing.

Extensions have always had access to this type of information, but by showing you what they are (and telling you what they mean), we hope to help you become more savvy about choosing safe extensions.

How about the scary-sounding one?

There is one permission in particular, “Access your data for all websites”, that we’ve gotten many questions about since the feature launched. The reason why it’s worded this way is because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.

For example, an ad blocker needs to read all web page content to identify and remove ad code. A password manager needs to detect and write to username and password fields. A shopping extension might need to read details of the products you’re searching for.

Since these types of extensions wouldn’t know whether any particular web page contains the bit it needs to modify until it’s loaded, and neither does Firefox, it needs access to everything on a page so it can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else.

How do I stay safe?

While there is an element of risk to installing any third-party software, there are a few simple best practices you can follow to reduce it. Is the extension made by a reputable developer? Are the user ratings high? Are the permission requests consistent with the features of the extension?

We’ve compiled a short checklist of questions to consider in our support forum. These best practices can help you evaluate any potential software you install, and feel safer and better informed wherever you are on the web.

6 comments on “Understanding Extension Permission Requests”

  1. Jeff wrote on

    What would be most helpful is to allow an extension developer some space to explain why they need the permissions they’re requesting. Sometimes it’s not clear from the description of what an extension says it does vs. what permissions are required to actually accomplish that, and it would help end users make an informed choice.

    1. Eric Shepherd wrote on

      I agree; that would be an excellent addition. That can especially be the case in which the requested permission is necessary for entirely non-obvious reasons, such as (and this is an insane example) an extension that lets you scroll the page by blowing on your device. The extension needs microphone access to detect the sound of the breath blowing on the device, but users won’t necessarily understand that.

    2. Albert wrote on

      Great idea! For space reason, maybe as a link at the end “Why does xyz require these permissions?” – if the developer has filled in the corresponding section on AMO. Or maybe even make it a required section on AMO from introduction going forward.

  2. zakius wrote on

    funny that you show installation process of gesturify, extension that will never work properly due to limitations you are not willing to remove

    1. Juraj Mäsiar wrote on

      Those of you that cannot live without gestures – know that you can go one layer further and install desktop gesture application. There are some for each platform and this allows their usage in all applications, not just in browser – anything that can be controlled via short-keys.

  3. erosman wrote on

    I understand the generic nature of such notifications and the complications of making them more specific …. however, a more specific notification in the long run will be greatly beneficial.

    There are occasions where the generic “Access your data for all websites”, “Read and modify xyz”, “Download files and read and modify the browser’s download history” etc sound overly intrusive and frankly scary to some, while only a subset of such permissions is actually used by the add-on.

    I had to especially make an explanation for each one of them to better inform the users.

    https://addons.mozilla.org/firefox/addon/foxytab/