Add-on (Mozilla)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
For Mozilla's official add-ons website, see Mozilla Add-ons.
Featured Firefox addons from the official page

Add-ons are installable enhancements to the Mozilla Foundation's projects, and projects based on them. Add-ons allow the user to add or augment application features, use themes to their liking, and handle new types of content.

Types of add-ons[edit]


Extensions can be used to modify the behavior of existing features to the application or add entirely new features. Extensions are especially popular with Firefox, because Mozilla developers intend for the browser to be a fairly minimalistic application in order to reduce software bloat and bugs, while retaining a high degree of extensibility, so that individual users can add the features that they prefer.

Extension technologies[1][edit]

  • CSS (Cascading Style Sheets)
  • DOM (Document Object Model) – Used to change XUL in real-time or to edit HTML that is currently loaded
  • JavaScript – The primary language of Mozilla browsers
  • XPCOM (Cross-Platform Component Object Model)
  • XPConnect
  • XPI (Cross-Platform Installer)
  • XUL (XML User Interface Language) – Used to define the UI (User Interface) and interaction with user.
  • Mozilla Jetpack – a development kit aiming to lower the learning curve and development time for making add-ons.


Interface changes[edit]

Some extensions are used to change the interface of the application. These are not to be confused with personas, which are a theme management feature. For example, several add-ons exist to change the color of the Firefox button, such as ColorizedButton. There is also an add-on which moves the menu bar to where the window title normally is on windows machines.

Adding features[edit]

Extensions are generally used to add functions to the application. Examples of functions which an extension might add include RSS readers, bookmark organizers, toolbars, website-specific client programs, FTP, e-mail, mouse gestures, proxy server switching, or developer tools. Many Firefox extensions implement features formerly part of the Mozilla Suite, such as the ChatZilla IRC client and a calendar.

Modifying how the user views web pages[edit]

Many extensions can change the content of a webpage as it is rendered. For example, Adblock extensions can prevent the browser from loading images which are advertisements. Another popular extension, Greasemonkey, allows the user to install scripts which modify a targeted subset of webpages on the fly in a manner which is the programmatic complement to user style sheets.[2]

Other uses[edit]

Extensions also exist for frivolous, humorous or satirical purposes. Some allude to historical features of the Firefox browser, for example restoring the "delicious delicacies" placeholder text removed in Firefox 0.9, or generating random browser names to allude to the Firefox name changes.

Security of Mozilla Extension Environment[edit]

Unlike Google Chrome, the Mozilla platform has no mechanism to restrict the privileges of extensions. Extension code is fully trusted by Mozilla applications. There are no restrictions on intercommunication between extensions as well as the operating system. This means that one extension can read or modify the data used by another extension or any file accessible to the user running Mozilla applications.[3]

Mozilla extensions are per default installed into the applications user profile where their code can be overwritten by the user or any program run by the user. Since the Mozilla platform does not check the integrity of installed extensions they can trivially be (ab)used for arbitrary code execution.[4]

From Firefox 40.0, Mozilla began to roll out a requirement for extension signing in the Release and Beta channels to improve end-user security. From 40.0, the browser warns the end user an extension is unsigned, from 41.0, unsigned extensions could only be installed if a special option in the about:config page was enabled. In 42.0 Firefox will block the installation of unsigned extensions. The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. An unbranded version of Firefox Release and Beta is planned to allow developers to work on extensions without the requirement.[5][6]


Common plugins include Acrobat Reader, Flash Player, Java, QuickTime, RealPlayer, Shockwave, and Windows Media Player. As per Mozilla, the plugins should be updated with current version plugins. It is absolutely necessary to update to the current version of plugins as old plugins might have become incompatible with the latest Firefox version, in addition to having more functionality and patches for security vulnerabilities. A Mozilla Plugin Check Page exists for users to update their plugins easily.

Compatibility and updates[edit]

Add-ons contain files with XML metadata utilized by the mechanism which controls add-on installation. Among other things, this file identifies maximum and minimum versions of a Mozilla project application with which the add-on may be used. If an attempt is made to install the add-on on a version outside of this range, it will install but will be disabled. Add-ons will often work outside of their compatibility range, and indeed some advanced users edit the metadata file to allow the released version of the add-on to run on their install. It is even possible to override the compatibility check using various extensions.

The success of a formal compatibility check is no guarantee the add-on will work, however.

The add-on manager periodically checks for updates to installed add-ons, although checks for updates can be manually initiated by the user. By default, the update service will look for updates at Mozilla Add-ons, but if the developer includes provisions to check elsewhere, the service will do so.

See also[edit]


  1. ^ Chapter 2: Technologies used in developing extensions - Firefox addons developer guide | MDN. Retrieved on 2013-07-21.
  2. ^ User script - GreaseSpot Wiki. (2010-11-17). Retrieved on 2013-07-21.
  3. ^ "Abusing, Exploiting and Pwning with Firefox Add-ons" (PDF). 
  4. ^ "Add-on code stored in profile folder raises security risk". 
  5. ^ Fisher, Dennis. "Firefox 40 Begins Warning Users About Unsigned Add-Ons". Threatpost. Retrieved 20 August 2015. 
  6. ^ "Extension Signing". Wiki. Mozilla. Retrieved 20 August 2015. 

External links[edit]