Starting next week, all new Firefox extensions will be required to declare their personal data collection and transmission practices in the manifest file using a specific key, Mozilla announced.
The change is meant to provide users with increased visibility into these practices during the extension installation process.
The change only applies to new extensions, and not to new versions of existing extensions, and involves the use of the browser_specific_settings.gecko.data_collection_permissions key when declaring data collection capabilities in the manifest.json file.
“Extensions that do not collect or transmit any personal data are required to specify this by setting the none required data collection permission in this property,” Mozilla explains.
An extension’s data collection practices will also be displayed on the addons.mozilla.org page, but only if it is publicly listed. Users will also see the information when navigating to the extension’s Firefox about:addons page, in the Permissions and Data section.
“If an extension supports versions of Firefox prior to 140 for Desktop, or 142 for Android, then the developer will need to continue to provide the user with a clear way to control the add-on’s data collection and transmission immediately after installation of the add-on,” Mozilla notes.
Extensions that begin using the data_collection_permissions keys will be required to continue using them for all subsequent iterations. Extensions that are required to use the property but do not set it correctly can not be submitted to addons.mozilla.org for signing.
Starting next year, all Firefox extensions will be required to use the data_collection_permissions keys when declaring data collection capabilities, Mozilla announced.
Related: Hackers Target Perplexity Comet Browser Users
Related: Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
Related: Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data
Related: Threat Actors Use SVG Smuggling for Browser-Native Redirection
