Compare Revisions
Permission request messages for Firefox extensions
Revision 287303:
Revision 287303 by lsiebert on
Revision 287304:
Revision 287304 by lsiebert on
Keywords:
Search results summary:
Learn about permission requests when adding extensions to Firefox. Get details on each request for a clearer understanding.
Learn about permission requests when adding extensions to Firefox. Get details on each request for a clearer understanding.
Content:
When you install an extension into Firefox, you may be presented with a message similar to this one:
{for fx129}[[Image:Permissions request add-ons]]{/for}{for not fx129}[[Image:Fx128AddExtension-Permissions]]{/for}
{for fx129}{note}'''Note:''' See [[Extensions in Private Browsing]] regarding the ''Run in Private Windows'' checkbox.{/note}{/for}
This is an extension asking your permission to tap into Firefox’s inner framework (via APIs) to alter your browser’s behavior. These APIs might ask to read or write data you enter in webpages, read data from or access features on your computer, or alter the settings in your browser. If you don't see one of these messages, that means the extension won't try to access any of your data or change the settings in your browser.
So you can better understand what these messages mean in terms of practical impact on your browsing experience and your data, this article provides details about each of the messages.
(You're also encouraged to check out [[Tips for assessing the safety of an extension]] for further guidance on evaluating extensions.)
__TOC__
=Access your data for all websites=
The extension could read the content of any web page you visit, as well as data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Read product and price information from a page to help find you the best price on items you're shopping for
* Offer a password manager that reads and writes details of your username and password
* Provide an ad blocker by reading the content of each web page you open to find and remove ad code
=Access your data for sites in the “named” domain=
The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Update the look of some or all pages within the domain
* Block content, such as advertising or content using certain tags, from a domain’s content feed
=Access your data in # other domains=
Used in conjunction with the named domain message (above) when the extension is requesting access to five or more domains; the first three are listed and the other domain requests counted.
=Access your data for a specific site=
The extension could read the content of any web pages you visit at the specified website, as well as any data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Update the look of some or all pages within the website
* Block content, such as advertising or content labeled with certain tags
=Access your data on # other sites=
Used in conjunction with the named website message (above) when the extension is requesting access to five or more websites – the first three are listed and the other website requests counted.
=Read and modify bookmarks=
The extension could create, modify or remove bookmarks, or change the folder structure in which bookmarks are stored.
Extensions requesting this permission might:
* Add bookmarks for their features or for certain web pages
* Provide enhanced bookmark management features
=Read and modify browser settings=
The extension could do one or more of the following:
* Enable or disable the display of popups
* Enable or disable the caching of web pages
* Set the browser to deny or prompt for all new requests to display notifications
* Read the URL of the browser’s home page
* Read the URL used in new tabs
* Determine how the browser displays animated images—plays as normal, once, or not at all
=Clear recent browsing history, cookies, and related data=
Extensions requesting this permission might offer enhanced features to clean up your browsing history.
The extension could clear any or all of:
* Browser cache
* Cookies
* Downloads
* History
* Local storage
* Plugin data
* Saved form data
* Saved passwords
=Get data from the clipboard=
The extension could retrieve data from the clipboard: the equivalent of “paste”.
Extensions requesting this permission might:
* Let you submit copied text into a translation tool
* Use a copied image to perform a lookup in a visual search engine
=Input data to the clipboard=
The extension could write data to the clipboard: the equivalent of “copy” or “cut”.
Extensions requesting this permission might add content to the clipboard, so you can use it elsewhere in your browser or computer.
=Extend developer tools to access your data in open tabs=
The extension could add a new panel to the developer tools and will be given access to all data in all tabs.
Extensions requesting this permission will usually deliver new [https://developer.mozilla.org/en-US/docs/Glossary/Developer_Tools developer tools]. However, some ordinary extensions use the developer tools to provide additional diagnostic or informational features. One example is [https://addons.mozilla.org/firefox/addon/adblock-plus/ Adblock Plus], which provides a feature in developer tools where you can see details of the ads and content it’s blocking.
=Download files and read and modify the browser’s download history=
The extension could save a file from the web or one created in the extension using the browser’s download manager. The extension could also access and update details of downloaded files stored in the download manager.
{note}'''Note:''' The extension has to obey the settings in the download manager, putting you in control of where the files are saved.{/note}
Extensions requesting this permission might:
* Save data from the extension to your computer (extensions aren’t allowed to write directly to your computer’s file system)
* Save files from a website or remote server
* Provide a feature to manage download history
=Open files downloaded to your computer=
The extension could request that the application on your computer that handles files of a specific type opens a downloaded file. For example, if you have Microsoft Word installed on your computer, the extension could request it to open files with “.docx”.
Extensions requesting this permission might:
* Open audio files in your computer’s music player
* Open documents, images, or other files in an editor
=Read the text of all open tabs=
The extension could perform a search of the text content of any tab.
Extensions requesting this permission might provide an enhanced “find” feature.
=Access your location=
The extension could obtain your location from your computer, GPS, the location associated with your IP address or some other method.
Extensions requesting this permission might:
* Provide information about your current location
* Record your location with data maintained in the extension
=Access browsing history=
The extension could do one of the following with your browser history:
* Search for pages
* Remove some or all pages
* Add pages
* Retrieve or remove details of visits to a page
* Access the list of “Top Sites” that are shown in the browser's new tab page
Extensions requesting this permission might:
* Offer features to remove browsing history for certain websites or domains
* Provide enhanced reporting on your browsing history
=Monitor extension usage and manage themes=
The extension could:
* Get information about installed add-ons (extensions and themes)
* Enable and disable themes
* Uninstall itself
* Get notifications of add-ons being installed, uninstalled, enabled or disabled
Extensions requesting this permission might:
* Monitor add-on installation to check for any potential conflicts
* Change or manage themes
=Exchange messages with programs other than Firefox=
The extension could send messages to and receive them from a complementary native app on your computer.
The complementary app needs to be installed on your computer independently of the extension. This usually happens in one of two ways:
* The extension will provide a guide to the steps you should follow to install the app
* You would have installed an app that then suggests you install an extension in Firefox
Please note that Mozilla has not vetted or reviewed the complementary app. You should approach the installation of the complementary app with the same caution you would apply when installing any third-party software from the internet.
Extensions requesting this permission might:
* Use a complementary app to communicate with hardware attached to your computer
* Store usernames and passwords using a secure method not available to a browser
* Perform extensive computations in a complementary app
=Display notifications to you=
The extension could issue notifications through the standard notification system offered by your computer’s operating system.
Extensions requesting this permission might:
* Alert you to the completion of background or long-running tasks in the extension
* Aggregate messages from one or more web services
=Provide cryptographic authentication services=
The extension could access software on your computer for generating and validating security keys and certificates using the PKCS #11 standard. (Note the extension can't install the PKCS #11 software on your computer; you’ll be prompted to install the software separately.)
Extensions requesting this permission might:
* Offer features to use securely encrypted single sign-on mechanisms
* Provide a smartcard reader
=Read and modify privacy settings=
The extension could change privacy-related settings controlling:
* Network behavior
* Whether passwords are stored in the browser’s password manager
* The way the browser interacts with websites
Extensions requesting this permission might:
* Disable browser storage of passwords as part of an enhanced password manager
* Help protect your privacy by managing the information made available in real-time chat and video applications
* Offer additional tracking protection features
=Control browser proxy settings=
The extension could direct some or all of your web browsing traffic to another computer (a proxy) on the internet.
Extensions requesting this permission might:
* Block access to certain websites or domains
* Provide access to certain websites and domains through proxy servers, for example, to enable browsing where it might otherwise be limited by geography
=Access recently closed tabs=
The extension could access a list of recently closed windows and tabs, reopen those tabs and windows, and remove details of these tabs and windows from the lists.
Extensions requesting this permission might:
* Provide an enhanced browser history manager
* Offer the ability to clean up or remove history for specific websites or domains
* Deliver features to reopen closed tabs
=Access browser tabs=
The extension could obtain the URL, title, and icon from any tab.
Extensions requesting this permission might:
* Access tab details to enable bookmarking
* Order and group tabs
* Move tabs between windows
* Provide an alternative way of listing tabs
=Store unlimited amount of client-side data=
The extension could store an unlimited amount of data using your browser’s data storage features.
Extensions requesting this permission might:
* Store large files, such as images, locally in your browser
* Offer an extensive local database of information
=Access browser activity during navigation=
The extension could listen for the steps the browser takes to navigate from a link to another page. The extension could then provide new features for the content on the page.
Extensions requesting this permission might:
* Detect when streamed videos are about to play and provide a download feature
* Look for and prevent ad pop-ups from opening
=Access MIDI devices with SysEx support=
The site permission extension enables a website to communicate with MIDI devices and send and receive SysEx data. SysEx data is arbitrary, often specific to a particular device model or manufacturer. Websites granted this permission can tamper with the device. While there are many legitimate use-cases for SysEx messages, a malicious website could corrupt the device's memory. The consequences of malicious action range from losing all the data stored in the device to rendering the device useless by overwriting the device’s program memory.
Extensions requesting this permission might:
* Back up a MIDI device's configuration data (presets, samples, etc.) for archival
* Restore the configuration of a MIDI device to a previously backed-up copy, or restore it to factory default
* Configure a MIDI device using a web interface
* Upgrade the firmware version of a MIDI device
* Communicate with the device, sending and receiving more complex, advanced messages than standard MIDI notes or CC messages. For example, setting an LED color, writing text on a screen, etc.
{for fx129}
=Manage extensions in private windows=
You can manage which extensions are active in private browsing by selecting the '''Run in Private Windows''' checkbox when granting a new extension permissions on your device. For more information, see [[Extensions in Private Browsing]].
;[[Image:Permissions request add-ons/ focus|width=400]]
{/for}
=Related content=
*[[Manage optional permissions for Firefox extensions]]
When you install an extension into Firefox, you may be presented with a message similar to this one:
{for fx129}[[Image:Permissions request add-ons|width=1000]]{/for}{for not fx129}[[Image:Fx128AddExtension-Permissions]]{/for}
{for fx129}{note}'''Note:''' See [[Extensions in Private Browsing]] regarding the ''Run in Private Windows'' checkbox.{/note}{/for}
This is an extension asking your permission to tap into Firefox’s inner framework (via APIs) to alter your browser’s behavior. These APIs might ask to read or write data you enter in webpages, read data from or access features on your computer, or alter the settings in your browser. If you don't see one of these messages, that means the extension won't try to access any of your data or change the settings in your browser.
So you can better understand what these messages mean in terms of practical impact on your browsing experience and your data, this article provides details about each of the messages.
(You're also encouraged to check out [[Tips for assessing the safety of an extension]] for further guidance on evaluating extensions.)
__TOC__
=Access your data for all websites=
The extension could read the content of any web page you visit, as well as data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Read product and price information from a page to help find you the best price on items you're shopping for
* Offer a password manager that reads and writes details of your username and password
* Provide an ad blocker by reading the content of each web page you open to find and remove ad code
=Access your data for sites in the “named” domain=
The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Update the look of some or all pages within the domain
* Block content, such as advertising or content using certain tags, from a domain’s content feed
=Access your data in # other domains=
Used in conjunction with the named domain message (above) when the extension is requesting access to five or more domains; the first three are listed and the other domain requests counted.
=Access your data for a specific site=
The extension could read the content of any web pages you visit at the specified website, as well as any data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
* Update the look of some or all pages within the website
* Block content, such as advertising or content labeled with certain tags
=Access your data on # other sites=
Used in conjunction with the named website message (above) when the extension is requesting access to five or more websites – the first three are listed and the other website requests counted.
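The four host-access messages above can be predicted from an extension's <code>manifest.json</code> before you install it. The following is an added example, not part of the original article or of Firefox's own code: it classifies the manifest's match patterns and applies the "five or more, first three listed" rule as this article states it. The function names and the sample manifest are constructed for illustration, and it assumes host patterns in <code>permissions</code>, <code>host_permissions</code> and content script <code>matches</code> all feed the prompt.

```javascript
// Added example: predict the host-access prompts from a manifest.
// Message wording follows this article's headings, with the host substituted.

// <scheme>://<host>/<path>, where host is "*", "*.domain" or an exact host.
const MATCH_PATTERN = /^(\*|https?|wss?|ftp):\/\/(\*|\*\.[^/*]+|[^/*]+)\/.*$/;

// Gather the host match patterns a manifest declares. Manifest V2 mixes API
// names (e.g. "tabs") with host patterns in "permissions"; those are dropped.
function collectHostPatterns(manifest) {
  const fromScripts = (manifest.content_scripts || []).flatMap(cs => cs.matches || []);
  return [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...fromScripts,
  ].filter(p => p === "<all_urls>" || MATCH_PATTERN.test(p));
}

// Sort patterns into the three kinds of access the article distinguishes.
function classifyHosts(patterns) {
  const result = { allSites: false, domains: new Set(), sites: new Set() };
  for (const p of patterns) {
    if (p === "<all_urls>") { result.allSites = true; continue; }
    const host = MATCH_PATTERN.exec(p)[2];
    if (host === "*") result.allSites = true;                       // any host
    else if (host.startsWith("*.")) result.domains.add(host.slice(2)); // whole domain
    else result.sites.add(host);                                    // one site
  }
  return result;
}

// Rule from the article: with five or more entries, the first three are
// listed and the remaining requests are only counted.
function listWithOverflow(hosts, one, others) {
  const all = [...hosts];
  if (all.length < 5) return all.map(one);
  return [...all.slice(0, 3).map(one), others(all.length - 3)];
}

function hostAccessMessages(manifest) {
  const { allSites, domains, sites } = classifyHosts(collectHostPatterns(manifest));
  // Assumption: access to all websites subsumes every narrower request.
  if (allSites) return ["Access your data for all websites"];
  return [
    ...listWithOverflow(domains,
      d => `Access your data for sites in the ${d} domain`,
      n => `Access your data in ${n} other domains`),
    ...listWithOverflow(sites,
      s => `Access your data for ${s}`,
      n => `Access your data on ${n} other sites`),
  ];
}

// Constructed sample manifest: one wildcard domain and five specific sites.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  permissions: ["tabs", "*://*.example.com/*", "https://shop.example.org/*"],
  content_scripts: [{
    matches: [
      "https://a.example.net/*", "https://b.example.net/*",
      "https://c.example.net/*", "https://d.example.net/*",
    ],
  }],
};

console.log(hostAccessMessages(SAMPLE_MANIFEST).join("\n"));
```

The counted entries are the ones worth opening the manifest for: the prompt names only three hosts, while the extension receives the same read access on every host it requested.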
=Read and modify bookmarks=
The extension could create, modify or remove bookmarks, or change the folder structure in which bookmarks are stored.
Extensions requesting this permission might:
* Add bookmarks for their features or for certain web pages
* Provide enhanced bookmark management features
=Read and modify browser settings=
The extension could do one or more of the following:
* Enable or disable the display of popups
* Enable or disable the caching of web pages
* Set the browser to deny or prompt for all new requests to display notifications
* Read the URL of the browser’s home page
* Read the URL used in new tabs
* Determine how the browser displays animated images—plays as normal, once, or not at all
=Clear recent browsing history, cookies, and related data=
Extensions requesting this permission might offer enhanced features to clean up your browsing history.
The extension could clear any or all of:
* Browser cache
* Cookies
* Downloads
* History
* Local storage
* Plugin data
* Saved form data
* Saved passwords
=Get data from the clipboard=
The extension could retrieve data from the clipboard: the equivalent of “paste”.
Extensions requesting this permission might:
* Let you submit copied text into a translation tool
* Use a copied image to perform a lookup in a visual search engine
=Input data to the clipboard=
The extension could write data to the clipboard: the equivalent of “copy” or “cut”.
Extensions requesting this permission might add content to the clipboard, so you can use it elsewhere in your browser or computer.
=Extend developer tools to access your data in open tabs=
The extension could add a new panel to the developer tools and will be given access to all data in all tabs.
Extensions requesting this permission will usually deliver new [https://developer.mozilla.org/en-US/docs/Glossary/Developer_Tools developer tools]. However, some ordinary extensions use the developer tools to provide additional diagnostic or informational features. One example is [https://addons.mozilla.org/firefox/addon/adblock-plus/ Adblock Plus], which provides a feature in developer tools where you can see details of the ads and content it’s blocking.
=Download files and read and modify the browser’s download history=
The extension could save a file from the web or one created in the extension using the browser’s download manager. The extension could also access and update details of downloaded files stored in the download manager.
{note}'''Note:''' The extension has to obey the settings in the download manager, putting you in control of where the files are saved.{/note}
Extensions requesting this permission might:
* Save data from the extension to your computer (extensions aren’t allowed to write directly to your computer’s file system)
* Save files from a website or remote server
* Provide a feature to manage download history
=Open files downloaded to your computer=
The extension could request that the application on your computer that handles files of a specific type opens a downloaded file. For example, if you have Microsoft Word installed on your computer, the extension could request it to open files with “.docx”.
Extensions requesting this permission might:
* Open audio files in your computer’s music player
* Open documents, images, or other files in an editor
=Read the text of all open tabs=
The extension could perform a search of the text content of any tab.
Extensions requesting this permission might provide an enhanced “find” feature.
=Access your location=
The extension could obtain your location from your computer, GPS, the location associated with your IP address or some other method.
Extensions requesting this permission might:
* Provide information about your current location
* Record your location with data maintained in the extension
=Access browsing history=
The extension could do one of the following with your browser history:
* Search for pages
* Remove some or all pages
* Add pages
* Retrieve or remove details of visits to a page
* Access the list of “Top Sites” that are shown in the browser's new tab page
Extensions requesting this permission might:
* Offer features to remove browsing history for certain websites or domains
* Provide enhanced reporting on your browsing history
=Monitor extension usage and manage themes=
The extension could:
* Get information about installed add-ons (extensions and themes)
* Enable and disable themes
* Uninstall itself
* Get notifications of add-ons being installed, uninstalled, enabled or disabled
Extensions requesting this permission might:
* Monitor add-on installation to check for any potential conflicts
* Change or manage themes
=Exchange messages with programs other than Firefox=
The extension could send messages to and receive them from a complementary native app on your computer.
The complementary app needs to be installed on your computer independently of the extension. This usually happens in one of two ways:
* The extension will provide a guide to the steps you should follow to install the app
* You would have installed an app that then suggests you install an extension in Firefox
Please note that Mozilla has not vetted or reviewed the complementary app. You should approach the installation of the complementary app with the same caution you would apply when installing any third-party software from the internet.
Extensions requesting this permission might:
* Use a complementary app to communicate with hardware attached to your computer
* Store usernames and passwords using a secure method not available to a browser
* Perform extensive computations in a complementary app
=Display notifications to you=
The extension could issue notifications through the standard notification system offered by your computer’s operating system.
Extensions requesting this permission might:
* Alert you to the completion of background or long-running tasks in the extension
* Aggregate messages from one or more web services
=Provide cryptographic authentication services=
The extension could access software on your computer for generating and validating security keys and certificates using the PKCS #11 standard. (Note the extension can't install the PKCS #11 software on your computer; you’ll be prompted to install the software separately.)
Extensions requesting this permission might:
* Offer features to use securely encrypted single sign-on mechanisms
* Provide a smartcard reader
=Read and modify privacy settings=
The extension could change privacy-related settings controlling:
* Network behavior
* Whether passwords are stored in the browser’s password manager
* The way the browser interacts with websites
Extensions requesting this permission might:
* Disable browser storage of passwords as part of an enhanced password manager
* Help protect your privacy by managing the information made available in real-time chat and video applications
* Offer additional tracking protection features
=Control browser proxy settings=
The extension could direct some or all of your web browsing traffic to another computer (a proxy) on the internet.
Extensions requesting this permission might:
* Block access to certain websites or domains
* Provide access to certain websites and domains through proxy servers, for example, to enable browsing where it might otherwise be limited by geography
=Access recently closed tabs=
The extension could access a list of recently closed windows and tabs, reopen those tabs and windows, and remove details of these tabs and windows from the lists.
Extensions requesting this permission might:
* Provide an enhanced browser history manager
* Offer the ability to clean up or remove history for specific websites or domains
* Deliver features to reopen closed tabs
=Access browser tabs=
The extension could obtain the URL, title, and icon from any tab.
Extensions requesting this permission might:
* Access tab details to enable bookmarking
* Order and group tabs
* Move tabs between windows
* Provide an alternative way of listing tabs
=Store unlimited amount of client-side data=
The extension could store an unlimited amount of data using your browser’s data storage features.
Extensions requesting this permission might:
* Store large files, such as images, locally in your browser
* Offer an extensive local database of information
=Access browser activity during navigation=
The extension could listen for the steps the browser takes to navigate from a link to another page. The extension could then provide new features for the content on the page.
Extensions requesting this permission might:
* Detect when streamed videos are about to play and provide a download feature
* Look for and prevent ad pop-ups from opening
=Access MIDI devices with SysEx support=
The site permission extension enables a website to communicate with MIDI devices and send and receive SysEx data. SysEx data is arbitrary, often specific to a particular device model or manufacturer. Websites granted this permission can tamper with the device. While there are many legitimate use-cases for SysEx messages, a malicious website could corrupt the device's memory. The consequences of malicious action range from losing all the data stored in the device to rendering the device useless by overwriting the device’s program memory.
Extensions requesting this permission might:
* Back up a MIDI device's configuration data (presets, samples, etc.) for archival
* Restore the configuration of a MIDI device to a previously backed-up copy, or restore it to factory default
* Configure a MIDI device using a web interface
* Upgrade the firmware version of a MIDI device
* Communicate with the device, sending and receiving more complex, advanced messages than standard MIDI notes or CC messages. For example, setting an LED color, writing text on a screen, etc.
{for fx129}
=Manage extensions in private windows=
You can manage which extensions are active in private browsing by selecting the '''Run in Private Windows''' checkbox when granting a new extension permissions on your device. For more information, see [[Extensions in Private Browsing]].
;[[Image:Permissions request add-ons/ focus|width=400]]
{/for}
=Related content=
*[[Manage optional permissions for Firefox extensions]]