
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
From Daily Security Review by Daily Security Review
October 28, 2025 · 29 min · Episode 320
About this episode
Mozilla requires Firefox extensions to disclose data collection practices to enhance user transparency and control.
Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle personal data. The new mandate introduces a dedicated key— browser_specific_settings.gecko.data_collection_permissions —that every extension must include in its manifest file. Whether or not an extension collects data, developers must explicitly declare their practices, ensuring there is no room for ambiguity. This policy introduces what many are calling a “privacy nutrition label” for browser add-ons, allowing users to see data collection details before installation. The information will be prominently displayed both on the addons.mozilla.org extension listing pages and within Firefox’s about:addons management interface. By placing this information front and center, Mozilla is giving users the ability to make more informed decisions about which extensions they trust with their data. For developers, compliance isn’t optional. Any extension that fails to properly declare its data collection policies will be rejected during the signing process , blocking it from distribution through Mozilla’s add-on store. Even extensions that support…
Topics covered
- data collection
- privacy
- browser extensions
- user control
- transparency
Keywords
- Firefox
- data collection
- privacy nutrition label
- Mozilla
- browser extensions
Mentioned in this episode
Organizations: Mozilla, addons.mozilla.org, Mozilla’s add-on store
Products: Firefox, Firefox extensions
More episodes of Daily Security Review
- Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad” · October 29, 2025 · 27 min
- Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs · October 29, 2025 · 37 min
- Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 · October 28, 2025 · 26 min
- Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software · October 28, 2025 · 25 min
- $1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk” · October 28, 2025 · 20 min
- OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw · October 27, 2025 · 35 min
Explore listener stats, chart rankings, contacts and more on the Daily Security Review podcast page.