[Blog post] Firefox to discontinue sideloaded extensions

Sideloading is a method of installing an extension in Firefox by adding an extension file to a special location using an executable application installer. This installs the extension in all Firefox instances on a computer.

Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager. This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued.

Read more on the Add-ons Blog >>

1 Like

So just to verify that I’ve understood this correctly - with this change there will be no way for us to automate the installation of extensions in an enterprise estate?

You system administrator can set addons to be installed/uninstalled/locked on client PCs via GPO. For more details:

But you need to pay attention that addons installed in this way are placed into each user profile. On sideloading you just need to replace installed XPI file to update addons. On the other hand, on this new way it is hard to replace XPI files installed into user profiles. Thus you need to provide your custom update information for the addon on your website (or somewhere).

Ok, so can that install/update URL be an URL pointing to AMO? I.e. still distribute/update it via AMO, but automate installation via GPO?

What about Linux distributions like Debian where it is possible to install extenstions via package manager? Locking extensions installation to AMO-only is a path to vendor-locking.

If you don’t include update URL in the manifest.json of an addon, Firefox fetches update info for it from AMO.

Great, thanks. Seems we have a way forward then. :+1:

The blog post only mentions sideloading by adding the extension file to a special location. What about other installation methods, like “Install Add-on From File”, dragging and dropping an .xpi file in the Firefox window or running “firefox.exe extension-file.xpi” from command line? Will these flows be affected?

They should continue to work as they do today.