Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Monitoing on Add-Ons

jondp
New member
‎22-01-2026 09:23 AM
Status: New idea

Since Firefox is a privacy-oriented browser, it would be very interesting to have a tool that allows to monitor every add-on on Firefox.

Nowadays it is hard to know whether we should trust an add-on or not. We should be able to inspect its behavior. I understand many add-ons are not open source, but at least we should be able to know if a certain add-on is for example sending data through the web, saving it somewhere, or even taking snapshots of the screen. 

I understand many features require permissions. But for example, a translation add-on might need to read the page in order to translate it. But is it reading the hole page, or just the fragment I selected? Is it sending the hole page through the web or just the word/sentence I asked to translate?

It must be hard to track everything an add-on does. But if we can track something, that should already be good!

See more ideas labeled with:
Comment
3 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎22-01-2026 01:57 PM
‎22-01-2026 01:57 PM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

MattAuSupport1
New member
‎25-01-2026 07:16 PM
‎25-01-2026 07:16 PM

I suggest you read the information about addon submission to the Mozilla addons site.  You appear to be under the misapprehension that the code is not reviewed before it is accepted.

See https://extensionworkshop.com/documentation/publish/add-on-policies/

Here is an extract of the arrangements.  Perhaps you could refine your request in terms of the existing arrangements. 

Source Code Submission

Code must be provided in a way that is reviewable. Add-ons may contain transpiled, minified or otherwise machine-generated code, but Mozilla needs to review a copy of the source code before any of these steps have been applied.

The author must provide this information to Mozilla during submission along with instructions on how to reproduce the build. All dependencies must either be included in the source code package directly or downloaded only through the respective official package managers during the build process. Build tools or environments that no longer appear to be supported by their maintainers are not accepted. Reviewers may ask you to refactor parts of the code if it is not reviewable.

 

 

 

 

jondp
New member
‎29-01-2026 03:44 AM
‎29-01-2026 03:44 AM

Hello @MattAuSupport1 !

Thanks for your feedback, I understand that pretty well. I imagine there are several security layers - software, procedures, moderation, code review, etc. There are also privacy policies and strict laws.

But since we can inspect any loaded page, as well as every request it sends and receives, I only think we could be able to do the same with an add-on. The idea here, is actually simpler than it seems at first look. 

Notice that I'm not worried about inspecting the source code itself, only taking a sneak peak under the hood, see the gears turning. 

Don't see it only on a privacy and security perspective. You can see it on the support perspective, if you'd like. If there's something wrong with the addon, it would be much easier to report an issue if the user can take a deeper look at what's happening.

 

Copyright © 2026 Khoros, LLC