This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Financial tasks with Firefox: how to increase security?

  • 9 ردود
  • 1 has this problem
  • 3 views
  • آخر ردّ كتبه mcflay

more options

Reading this post I understand that using FF extensions can be a security risk considering that many extensions require the permission "Access your data for all websites" and with this permission an extension could take the data like username, password whether the form is populated by FF (saved login) or if the form is populated manually.

If an user has to browse on his bank website, the first idea that comes to mind is to use the Incognito mode but the problem is that with FF an incognito mode window has every installed extension (this unlike the Chrome Incognito mode).

So what can be the advice to protect your privacy, using Firefox as comfortably as possible?

Reading [https://support.mozilla.org/en-US/questions/1225776#answer-1177106 this] post I understand that using FF extensions can be a security risk considering that many extensions require the permission "Access your data for all websites" and with this permission an extension could take the data like username, password whether the form is populated by FF (saved login) or if the form is populated manually. If an user has to browse on his bank website, the first idea that comes to mind is to use the Incognito mode but the problem is that with FF an incognito mode window has every installed extension (this unlike the Chrome Incognito mode). So what can be the advice to protect your privacy, using Firefox as comfortably as possible?

All Replies (9)

more options

Any extensions you install should be fully trusted by you. If you don't trust them, I'd suggest uninstalling them in general.

Another thing you can do is create a new profile, and use that profile for any browsing that you consider sensitive, and not install extensions in it. Profile Manager - Create, remove or switch Firefox profiles

more options

Will Firefox developers create in the future an incognito mode that disable every extension automatically? In the mean time is there a way to disable every extension with a click on toolbar for example? Because switch between firefox profiles could be a bit boring..

more options

Any Browser will have security problem no Browser is perfect. What you want to do is not install Toolbars or Addon as mentioned you don't use or know why.

more options

WestEnd said

Any Browser will have security problem no Browser is perfect. What you want to do is not install Toolbars or Addon as mentioned you don't use or know why.

sorry but I did 2 questions and your reply is not very useful because you say things already explained. Incognito mode in Chrome is very useful, so my question was if FF team have scheduled this kind of development or not.

Then I asked if a smart way to disable every extension exists. For example: is there a way to switch between firefox profiles with a shorcut?

The questions are these and if you can give me some useful suggestions, I thank you

more options

mcflay said

Will Firefox developers create in the future an incognito mode that disable every extension automatically?

Hmm, seems a little drastic...

If you look at how extensions are managed in Chrome, you'll find each one has a switch to enable/disable them in incognito; disabled is the default setting. I don't know whether Firefox will get an extension-by-extension option similar to that in the future, but if it does, it won't be in 2018.

The original purpose of private windows was to isolate those tabs from your regular data (cookies, cache, history), but they have been evolving with automatic content blocking (tracking protection) and perhaps other features are planned. I have to admit not reading ahead too far in the development discussions.

In the mean time is there a way to disable every extension with a click on toolbar for example?

No.

Because switch between firefox profiles could be a bit boring..

Well, if you get 5 minutes to spare, why not give it a try:

Creating a Second Profile

Inside Firefox, type or paste about:profiles in the address bar and press Enter/Return to load it.

Click the Create a New Profile button, then click Next. Assign a name like NoAddons, ignore the option to relocate the profile folder, and click the Finish button.

The NoAddons profile is now a "factory default" profile. You will customize it as you use it.

Using a Second Profile

On the about:profiles page, scroll down to the NoAddons profile and click the button "Launch profile in new browser". Firefox will launch the profile. If you think you might be doing this frequently, you can bookmark the about:profiles page for faster access.

First Run

You'll get the introductory tabs. Please do not set up Sync so you can keep these settings separate. Please do not active extensions Firefox discovered on your system.

The toolbars likely will look different in this profile from your regular profile, but I suggest changing the theme for this profile so you'll be able to more easily spot its windows when you want to close NoAddons windows without affecting your regular windows. If you use a light theme, you can use a dark one for this profile, or vice versa. See: Built-in themes in Firefox - alternative to complete themes.

Next Steps

You will find things you want to save and customize as you go. If you can't find something, feel free to ask.


When built-in features, settings, and workarounds, and even add-ons, do not solve a problem you have with Firefox:

You can submit comments and suggestions through one or more of the following links:

more options

With linux I set a shortcut to execute a bash command: firefox -P "NoAddons"

Now opening a new FF windows for high security task is very simply and fast

more options

mcflay said

With linux I set a shortcut to execute a bash command: firefox -P "NoAddons" Now opening a new FF windows for high security task is very simply and fast

I reiterate again you browser can be so tight no air passes between it and all it takes if you to click a malware link or install a malware addon or click on a malware site and your so called tight security is gone. What you can if the security is so concerning is go to one page only and then clear all cookies and cache and history upon exiting it and then go back to the browser on other sites. That will prevents you from clicking on or doing something that isn't in the normal day clicks you do.

Modified by WestEnd

more options

You can add -no-remote to the command line to open another Firefox instance with its own profile and run multiple Firefox instances simultaneously.

more options

WestEnd said

mcflay said
With linux I set a shortcut to execute a bash command: firefox -P "NoAddons" Now opening a new FF windows for high security task is very simply and fast

I reiterate again you browser can be so tight no air passes between it and all it takes if you to click a malware link or install a malware addon or click on a malware site and your so called tight security is gone. What you can if the security is so concerning is go to one page only and then clear all cookies and cache and history upon exiting it and then go back to the browser on other sites. That will prevents you from clicking on or doing something that isn't in the normal day clicks you do.

I don't think that the goal of this topic is to create the browser profile with the maximum security in informatic world. And I don't remember asking for information about vpn, proxy, tor, etc etc. The goal was very simple: this (damn) permission creates (in my opinion) a a huge hole in security and privacy protection for users who use Firefox on a daily basis and for more standard purposes. Malevolent extension that is not checked by humans + careless user who installs the extension (without worrying about the required permissions) and then goes to his bank = big problem How to fix this problem without tor, proxy, vpc, kali linux etc etc? Or without clear all cookies and cache and history 10000 times a day? This is the goal of the topic and I think that a profile without extensions that can be opened quickly with a shortcut, is all in all an acceptable solution