Using Permissions to Establish Trust

TrustI used to work in an industry where being ISO 9001 certified was necessary in order to remain competitive. If you are unfamiliar with ISO 9001, it is a set of standards that requires a business to document each process, and then follow those documented processes. And every autumn, sure as the leaves falling from the trees, an independent auditor would show up to verify we were indeed documenting and following our processes. It’s like a tax audit you impose on yourself (and about as unpleasant).

The idea behind ISO 9001, though, is that a certified business can be trusted, both in its business dealings and its delivered products. It is meant to convey a sense of quality and security to customers.

Firefox (thankfully) is not subject to ISO standards, but we still ask users to trust us. This is especially true for extensions. How do we communicate that a user should trust an extension when, conceivably, it has access to every site the user visits and can see each byte of data the user sends and receives.

A primary way Firefox builds trust with users is by showing them what an extension is capable of doing via permissions.  During installation, the user is presented with a list of permissions that the extension has requested, and that list must be explicitly confirmed before installation proceeds. As developers we can take advantage of this opportunity to connect with our users. Fully explaining the permissions we need (on the landing page, in the listing, and/or in the extension itself) and why we need them creates trust in our extension and faith in Firefox.

Chrome has had this type of permission system for some time, and most people are used to seeing this on their mobile phones where, for years, applications have asked for permissions when installed.  Long time Firefox users, however, may not be used to seeing this prompt, as it is relatively new, introduced with the WebExtensions API. Therefore, as developers, we should only ask for the permissions our extension absolutely needs, demonstrating respect for user privacy and reinforcing the trust bond with our users.

Mozilla provides material on this blog and on our support site to help users better understand what is happening with permissions. For developers, this article on MDN goes into more detail on ways to request and use appropriate permissions.  Following that advice can help gain and maintain trust in extensions, without the pain of an ISO 9001 audit.

 

Removing Support for Unpacked Extensions

With the release of Firefox 62 (currently scheduled for August 21, 2018) Mozilla will discontinue support for unpacked sideloaded extensions. You will no longer be able to load an extension via the Windows registry by creating an entry with an extension’s directory (i.e. unpacked) after Firefox 61. Starting with Firefox 62, extensions sideloaded via the Windows registry must be complete XPI files (i.e. packed).

 

Removing a Legacy Heritage

Support for unpacked extensions was originally a feature used by legacy extensions. With the release of Firefox Quantum (57) and the transition to the WebExtensions architecture for add-ons, support for unpacked extensions is no longer required. Maintaining support for both unpacked and packed extensions places a significant technical burden on the engineering and testing organizations, and removal of the legacy unpacked extension code helps Mozilla preserve the long-term stability of Firefox.

Convert Unpacked to Packed

If you are the developer of an extension that has been installed via the Windows registry as an unpacked directory, your extension will continue to work through Firefox 61. Starting with Firefox 62, however, your extension will be no longer be loaded by Firefox. To avoid this situation and ensure users do not lose functionality, please pack your extension and update the Windows registry entry to use the packed XPI file (see MDN for detailed instructions).

Development Still Supports Unpacked Extensions

Note: this does not impact the use of unpacked extensions for development. Temporarily loading and debugging an extension either via the about:debugging page or via the web-ext tool will continue to be supported; both methods will still be able to load extensions contained within a filesystem directory. Developers will not be required to sign or pack their extensions into an XPI file for development purposes.

February’s Featured Extensions

Firefox Logo on blue background

Pick of the Month: Swift Selection Search

by Daniel Lobo
Access multiple search engines in a pop-up panel when you highlight text on any web page.

“Best time saving extension ever.”

Featured: Imagus

by Deathamns
Mouse over links to enlarge their thumbnails or videos.

“It just works. Nice, simple and clean. There may be more fancy ways of using it but I’m a simple guy.”

Featured: SmartProxy

by Salar Khalilzadeh
Add any website to your list and SmartProxy will automatically transfer your data from those sites through a proxy.

“Best! Best!”

Featured: Social Fixer

by MattKruse
Adjust Facebook to your liking. Filter posts by content (remove sponsored posts, political commentary, or things your friends Like), author, and more.

“It’s a fantastic little add-on that allows one to highly customize what one sees on FB. Not intrusive, yet very effective. It allows me to hide most of the annoying parts of FB. And it’s FREE!”

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months. Here’s further information on AMO’s featured content policies.

If you’d like to nominate an add-on for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

Understanding Extension Permission Requests

An extension is software developed by a third party that modifies how you experience the web in Firefox. Since they work by tapping into the inner workings of Firefox, but are not built by Mozilla, it’s good practice to understand the permissions they ask for and how to make decisions about what to install. While rare, a malicious extension can do things like steal your data or track your browsing across the web without you realizing it.

We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the release of Firefox 57 last fall. The new APIs limit an extension’s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a review process that is designed to make it difficult for malicious developers to publish extensions. Nevertheless, these systems cannot guarantee that extensions will be 100% safe.

Here’s where you come in

We want to make it easier for you to make informed decisions about the extensions you install, by providing transparency about what individual extensions can do. Since transitioning to the WebExtensions API, we have been displaying a permissions message corresponding to the extension you are installing.

Extensions have always had access to this type of information, but by showing you what they are (and telling you what they mean), we hope to help you become more savvy about choosing safe extensions.

How about the scary-sounding one?

There is one permission in particular, “Access your data for all websites”, that we’ve gotten many questions about since the feature launched. The reason why it’s worded this way is because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.

For example, an ad blocker needs to read all web page content to identify and remove ad code. A password manager needs to detect and write to username and password fields. A shopping extension might need to read details of the products you’re searching for.

Since these types of extensions wouldn’t know whether any particular web page contains the bit it needs to modify until it’s loaded, and neither does Firefox, it needs access to everything on a page so it can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else.

How do I stay safe?

While there is an element of risk to installing any third-party software, there are a few simple best practices you can follow to reduce it. Is the extension made by a reputable developer? Are the user ratings high? Are the permission requests consistent with the features of the extension?

We’ve compiled a short checklist of questions to consider in our support forum. These best practices can help you evaluate any potential software you install, and feel safer and better informed wherever you are on the web.

Extensions in Firefox 59

Firefox Quantum continues to make news as Mozilla incorporates even more innovative technology into the platform. The development team behind the WebExtensions architecture is no exception, landing a slew of new API and improvements that can now be found in Firefox 59 (just released to the Beta channel).

As always, documentation for the API discussed here can be found on MDN Web Docs (some of the features below are just hitting the main branch as of this post, so if you don’t find the documentation on MDN, check back in a few days).

Experimental Tab Hiding

Tab hiding is back! Since the deprecation of the legacy extension architecture, one of the most requested features has been the ability to hide tabs with the WebExtensions API. It was a key element of some very popular legacy add-ons that provided the ability to manage tab groups. Firefox 59 brings this capability back in an initial, experimental form.

The API is very straightforward:

  • Include the “tabHide” permission in your manifest file.
  • Use tabs.hide() with the tab ID (or list of tab IDs) to hide tabs.
  • Use tabs.show() with the tab ID (or list of tab IDs) to show hidden tabs.
  • Examine the tabs.Tab.hidden field to determine if a tab is currently hidden.

Note that the visible state of a tab is completely independent from its discarded state. While it may make sense to keep certain tabs active and loaded in memory while hidden, we encourage you to use tabs.discard() in combination with tabs.hide() to help manage memory and resource usage.

There are certain restrictions when hiding tabs:

  • Tabs that are pinned cannot be hidden
  • Tabs that are sharing their screen, microphone or camera cannot be hidden
  • The current active tab cannot be hidden
  • Tabs that are in the process of being closed cannot be hidden

The reintroduction of hidden tabs to Firefox does not come without some concern. A primary motivation for moving to the WebExtensions framework is to offer users a safer extension ecosystem that can be trusted to protect their security and privacy. Obviously, tab hiding opens the door for malicious extensions to hide tabs, doing things in the background without a user’s knowledge.

To make sure we get things right, tab hiding is disabled by default. To enable the API, you must manually go to the about:config page and set extensions.webextensions.tabhide.enabled to true. This restriction will remain in place until:

  • Additional user interface features are added to Firefox that allow users to see all of their hidden tabs and/or show those tabs independent of any extension. This user interface work is currently active and on-going.
  • Developers (internal and external) have had some time to try the API and understand its strengths and weaknesses. In particular, we want some time to gather input on the potential for abuse.

To be clear, this API is currently experimental. It could change, or even go away entirely if we can’t provide it in a secure manner.  Nevertheless, Firefox has a long, proud history of customization and the team is committed to upholding that tradition with tab hiding. So please give the API a try and see what you think. With your help, we will work to make tab hiding as fully functional as possible while still maintaining the security of the WebExtensions architecture.

Want to jump right in a see what it’s like? Give the Tab Hider extension a try.

Additional Tab Features

While tab hiding is the big feature to land in Firefox 59, it isn’t the only thing related to tabs.

Even More Theme API

Continuing the “theme” of previous releases, Firefox 59 includes a number of additions to the Theme API that allow you to customize even more of the browser’s appearance, including:

Improvements to the webRequest API

The webRequest API now merges multiple headers with the same name rather than using only the last one. In addition, a couple of mechanisms were added to the webRequest API to allow for requests to be upgraded from HTTP to HTTPS.

Finally, to make debugging a lot easier, exceptions raised from a webRequest blocking listener now report the original error message and filename. Below is an example:

Before Firefox 59

Before Firefox 59

Starting With Firefox 59

Starting With Firefox 59

Register Content Scripts at Runtime

Another big feature landing with Firefox 59 is the ability to register content scripts at runtime. This is an important feature for extensions that want to support user scripting.

Using the contentScripts.register() API, extensions can dynamically associate content scripts with different URLs, lifting the previous limitation that all content scripts had to be listed statically in the manifest file.

Support for Decentralization Protocols

Mozilla has always been a proponent of decentralization, recognizing that it is a key ingredient of a healthy Internet. Starting with Firefox 59, several protocols that support decentralized architectures are approved for use by extensions.  The newly approved protocols are:

Firefox itself does not implement these protocols, but having them on the approved list means the browser recognizes them as valid protocols and extensions are free to provide implementations.

browserAction and pageAction Improvements

Browser Actions and Page Actions are two of the most popular types of extensions that we see submitted to the Firefox Add-Ons website.  Accordingly, the team behind WebExtensions continues to expand and improve the API for those types of extensions.

  • pageActions can now be shown and/or hidden automatically for specific pages via pattern matching using the “hide_matches” and “show_matches” manifest properties. This is a nice performance win for users.
  • browserAction set* methods can now accept a null value which removes the property from the browserAction.
  • Invalid badge background colors are now rejected (provides more Chrome compatibility).
  • An extension can now determine if its browserAction is enabled or disabled (browserAction.isEnabled), a pageAction is currently shown for a tab ( pageActions.isShown), and if its sidebarAction is currently open (sidebarAction.isOpen).

Enhancement to Cookies

The ability for extensions to control cookies in the browser expanded in Firefox 59, including:

Proxy Settings

Extensions can now override the proxy settings in the browser which has been another highly requested feature.  Using the browserSettings.proxyConfig.set() API, the following proxy settings can be controlled:

  • proxyType: The type of proxy to use.
  • http: The address of the http proxy, can include a port.
  • httpProxyAll: Use the http proxy server for all protocols.
  • ftp: The address of the ftp proxy, can include a port.
  • ssl: The address of the ssl proxy, can include a port.
  • socks: The address of the socks proxy, can include a port.
  • socksVersion: The version of the socks proxy.
  • passthrough: A list of hosts which should not be proxied.
  • autoConfigUrl: A URL to use to configure the proxy.
  • autoLogin: Do not prompt for authentication if password is saved.
  • proxyDNS: Proxy DNS when using SOCKS v5.

User Notification of Extensions Overrides

As with previous releases, when functionality is provided via WebExtensions that allows extensions to control some aspect of the browser, Firefox will inform the user which extension controls that aspect and provide a way for them to regain control.

The ability for an extension to control the browser’s tracking protection setting was added back in Firefox 57 via the websites.trackingProtectionMode API. Firefox 59 now shows when an extension controls tracking protection.

Tracking Protection Notification

In the above image, notice that a message is now displayed after a user disables an extension reminding them how to re-enable it, also a new feature of Firefox 59.

One of the most popular browser defaults to override is the new tab page. Firefox already shows the user when an extension has overridden that page, but starting with Firefox 59 it also informs the user of the override on the first appearance of the new tab page itself. Plus, it is smart enough to revert back to the previous new tab if the new override is declined.

Restore New Tab

Additional Browser Controls

To better support mouse gestures, browserSettings.contextMenuShowEvent() has been added in this version. This new API can be set to “mouseup” or “mousedown” by extensions to determine when context menus should be shown. Note that this is not supported on Android, and also calling it with a value of “mousedown” on Windows is a no-op.

Also in Firefox 59, read-only browserSettings now return false when calling set or clear and also report an accurate levelofControl.

Context Menus for Bookmarks

Speaking of context menus, you can now set custom context menus for bookmarks.  This will work on the bookmarks toolbar, the library menu, the bookmarks subview, and the bookmarks menu.

Development and Debugging

One of the best ways to suggest a new WebExtension API is to prototype it via an official experiment. Two major changes landed for WebExtension experiments that makes this significantly easier:

Also in Firefox 59, more detail has been added to sandbox names to aid in debugging.

Miscellaneous Changes and Fixes

A number of smaller items were also landed in the new Firefox 59 Beta, including:

More to Come

Firefox 59 landed a total of 69 items for WebExtensions, the most important of which are discussed above. Thank you to everyone who had a part in getting it to Beta, especially volunteer contributors Andre Garzia, Tim Nguyen, Oriol Brufau, Javier Serrano Polo, Kevin Jones, Tushar Arora, Martin Giger, Peter Snyder, Lukas Jung. Additional changes and improvements to the WebExtensions API are already in progress for Firefox 60, so please continue to send us your feedback. And as always, thank you for using Firefox and helping ensure that individuals have the ability to shape the Internet and their own experiences on it.

Friend of Add-ons: Trishul Goel

Our newest Friend of Add-ons is Trishul Goel! Trishul first became involved with Mozilla five years when he was introduced to the Firefox OS smartphone. As a JavaScript developer with an interest in Mozilla’s mission, he looked for opportunities to get involved and began contributing to SUMO, L10n, and the Firefox OS Marketplace, where he contributed code and developed and reviewed apps.

After Firefox OS was discontinued as a commercial product, Trishul became interested in contributing to Mozilla’s add-ons projects. After landing his first code contributions to addons.mozilla.org (AMO), he set about learning how to develop extensions for Firefox using WebExtensions APIs. Soon, he began sharing his knowledge by leading and mentoring  workshops for extension developers as part of Mozilla’s “Build Your Own Extension” Activate campaign.

In the last year, Trishul has contributed more than 45 patches to Mozilla’s add-ons repositories, published 11 extensions to AMO, served as a member of the Featured Add-ons Advisory Board, and created a great set of WebExtensions APIs tutorials for new extension developers. Currently, he is an active Mozilla Rep and Tech Speaker, and is writing React code for AMO.

When asked what he has gained from his experience contributing to Mozilla, Trishul says, “I grew my skill set while coding for Mozilla. I’ve learned how to mentor people and how to work on a cross-culture remote team.”

In his free time, Trishul enjoys traveling and mountain biking.

Congratulations, Trishul, and thank you for your contributions to the add-ons community!

Are you a contributor to the add-ons community or know of someone who should be recognized? Please be sure to add them to our Recognition Wiki!

New Contribution Opportunity: Content Review for addons.mozilla.org

For over a dozen years, extension developers have volunteered their time and skills to review extensions submitted to addons.mozilla.org (AMO). While they primarily focused on ensuring that an extension’s code adhered to Mozilla’s add-on policies, they also moderated the content of the listings themselves, like titles, descriptions, and user reviews.

To help add-on reviewers focus on the technical aspects of extension review and expand contribution opportunities to non-technical volunteers, we are creating a new volunteer program for reviewing listing content.

Add-on content reviewers will be focused on ensuring that extensions listed on AMO comply with Mozilla’s Acceptable Use Policy. Having a team of dedicated content reviewers will help ensure that extensions listed on AMO are not spam do not contain hate speech or obscene materials.

Since no previous development experience is necessary to review listing content, this is a great way to make an impactful, non-technical contribution to AMO. If you have a keen eye for details and want to make sure that users and developers have a great experience on addons.mozilla.org, please take a look at our wiki to learn more about how to become an add-on content reviewer.

January’s Featured Extensions

Firefox Logo on blue background

Pick of the Month: Search by Image – Reverse Image Search

by Armin Sebastian
Powerful image search tool that’s capable of leveraging multiple engines, such as Google, Bing, Yandex, Baidu, and TinEye.

“I tried several ‘search by image’ add-ons and this one seems to be the best out there with a lot of features.”

Featured: Resurrect Pages

by Anthony Lieuallen
Bring back broken links and dead pages from previous internet lives!

“One of my favorite websites took down content from readers and I thought I’d never see those pages again. Three minutes and an add-on later I’m viewing everything as if it was never deleted. Seriously stunned and incredibly happy.”

Featured: VivaldiFox

by Tim Nguyen
Change the colors of Firefox pages with this adaptive interface design feature (akin to Vivaldi-style coloring).

“Definitely brings a bit more life to Firefox.”

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months. Here’s further information on AMO’s featured content policies.

If you’d like to nominate an add-on for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

December’s Featured Extensions

Firefox Logo on blue background

Pick of the Month: Group Speed Dial

by Juraj
Organize all your favorite websites with visual bookmarks.

“Fast. All other speed dials are resource hungry and slow.”

Featured: Gesturefy

by Robbendebiene, Itch
Enjoy 40+ customizable mouse gestures. Includes multi-language support.

“Very good as an alternative to FireGesture.”

Featured: Tree Style Tab

by Piro
Display your open tabs in a tree style.

“Perfect for opening lots of tabs on a widescreen monitor. All tabs remain readable contrary to the normal tab layout.”

Featured: Multi-Account Containers

by Mozilla
An official Mozilla extension, Multi-Account Containers lets you keep distinct parts of your online life separated into color-coded tabs. Cookies are separated by container, allowing you to use the Web with multiple identities simultaneously.

“This add-on is my daily partner. Now Facebook doesn’t know what I buy ;).”

Featured: User-Agent Switcher

by RayLo
A tool to spoof user-agent strings.

“Easy to use and portable too. Thank you!!”

Featured: Tab Auto Refresh

by Alex
Automatically refresh your tabs on custom time intervals.

“This is the first auto reload/refresh Firefox extension that I’ve found that can be customized for each tab that I have! This is exactly what I wanted and it works fantastic. Highly recommended.”

Featured: Google Translator

by Andy Portman
Access a simple way to translate single words or large, complex phrases.

“Easy to use, amazing pop-up background, a powerful dictionary translator!”

Nominate your favorite add-ons

Featured add-ons are selected by a community board made up of add-on developers, users, and fans. Board members change every six months. Here’s further information on AMO’s featured content policies.

If you’d like to nominate an add-on for featuring, please send it to amo-featured [at] mozilla [dot] org for the board’s consideration. We welcome you to submit your own add-on!

Extensions in Firefox 58

With the release of Firefox Quantum on November 14, 2017, we officially entered a WebExtensions-only world for add-on development. While that event was certainly the news of the day, Firefox 58 quietly entered Beta and a host of new APIs and improvements landed. As always, documentation for the APIs discussed here can be found on MDN Web Docs.

Additional Theme API

The API around themes continues to grow, allowing you customize even more of the browser appearance. In Firefox 58, you can now:

Reader Mode API Added to Tabs

The API available for interacting with tabs continues to grow. Firefox reader view (or reader mode) strips away clutter like buttons, ads and background images, and changes the page’s text size, contrast, and layout for better readability. It can even read the page out loud to you, if you want.

The image below shows a page that can be viewed in reader mode, indicated by the page icon in the URL bar (circled in red).

MDN article in Normal Mode.Clicking on the icon puts the page in reader mode, removing most of the page elements except the text and adding buttons to the left-hand side that modify the reading experience.

MDN article in Reader Mode.This powerful browser feature is now available via the WebExtensions API.

Improved webRequest API

Extensions can now easily get the entire URL ancestor chain, even in an HTTP environment. webRequest.onBeforeRequest() now includes another parameter in its callback object called frameAncestors. This is an array that contains information for each document in the frame hierarchy up to the top-level document.

Additionally, to enable proxy authorization to work smoothly,  webRequest.onAuthRequired() now fires for system events. If an extension has the correct permissions, it will be able to use onAuthRequired to supply credentials for proxy authorization.

Flexible XHR and Fetch Headers

When a content script makes requests using the standard window.XMLHttpRequest or window.fetch() API, the Origin and Referer headers are not set like they would be when requests come from the web page itself. This is often desirable in a cross-domain situation so that the content script does not appear to come from a different domain.

However, some sites only allow XHR and fetch to retrieve content if the correct Referer and Origin headers are set. Starting in Firefox 58, the WebExtensions API permits the use of content.XMLHttpRequest() and content.fetch() to perform requests that look as if they were sent by the web page content itself.

Improved Content Security Policy (CSP) Handling

Work also continues in the WebExtensions CSP area. Starting with Firefox 58, the CSP of a web page does not apply to content inserted by an extension. This allows, for example, the extension to load its own resources into a page.

This is a fairly large effort requiring some substantial architectural work. In Firefox 58, the first part of this work has landed, permitting basic injection of content generated by DOM APIs. There will be follow-ups for parser-generated content and inline stylesheets and scripts.

Setting the Default Search Engine

Using chrome_settings_override, an extension can now install a new default search engine by setting the is_default key to TRUE.  To protect the user, this cannot be done silently and the user will see an additional dialog that prompts them to confirm the change.

Search Engine ConfirmationThe user will also see if their default search engine has been overridden in the Options (about:preferences) page, which is explained in more detail below.

User Notification of Extensions Overrides

As the scope and power of the WebExtensions API increases, it is important to maintain the user’s security and privacy. In addition to the permission dialog that a user sees upon installation, Firefox tries to make sure that users are aware of which parts of the browser are under the control of an extension, and provide a way for them to revert back to default behavior, if desired.

Firefox 58 landed a couple of features in this area. First, when an extension has taken control of the New Tab Page, a notice is shown in Options (about:preferences) along with a button to disable the extension.  This is shown in the screenshot below.

Extension OverridesAlong similar lines, if an extension has set a user’s default search engine, this will be shown on the Options (about:preferences) page.

Extension OverridesOver the next few releases expect to see Firefox show even more areas where an extension is in control of a browser behavior along with options to revert back to a default state.

Additional Privacy Controls

In keeping with Mozilla’s mission to protect an individual’s online security and privacy, two new browser settings related to user privacy are now exposed via the WebExtensions API.  Within privacy.websites, we’ve added:

  • firstPartyIsolate – This preference makes the browser associate all data (including cookies, HSTS data, cached images, and more) for any third party domains with the domain in the address bar.
  • resistFingerprinting – Browser fingerprinting is the practice by which websites collect data associated with the browser or the device it’s running on to personally identify you. This preference makes the browser report spoofed information for data that’s commonly used for fingerprinting.

Browser Action Fixes

A number of changes landed in Firefox 58 that fix issues with Browser Action buttons:

Support for PKCS #11 Security Devices

Firefox supports manual installation of external security devices via a dialog under the Options (about:preferences) screen. Now, WebExtensions includes API support for PKCS #11 security devices. Similar to native messaging and managed storage, a native manifest must be installed outside of an extension before the API become useful.

Android

On Android, users get install-time prompts for WebExtension permissions, but under Firefox 58 they now also get prompts when an extension adds additional permissions at runtime.

Miscellaneous Changes

More to Come

The items above represent some of the bigger changes, but Firefox 58 landed a total of 79 items in the WebExtensions area. Thank you to everyone who had a part in getting Firefox 58 to Beta, especially volunteer contributors apoorvasingh2811, DW-dev, Tom Schuster, Kevin Jones, Ian Moody, Tim Nguyen, Tomislav Jovanovic, Masatoshi Kimura, Wouter Verhelst.

We continue to receive a lot of feedback from developers and, based on that feedback, work is progressing on new features for Firefox 59 and beyond. Expect to see the WebExtensions API improve and grow, particularly in regards to the organization and management of tabs, as well as the theming API. As always, thank you for using Firefox and helping ensure that individuals have the ability to shape the Internet and their own experiences on it.