The Mozilla Foundation, the developer behind the Firefox browser, has recently revised its policies governing the Mozilla Add-ons (AMO) store. These updates will take effect on August 4, 2025, and the foundation has published a detailed blog post highlighting the distinctions between the current and upcoming versions.
Of particular note is the removal of the ban on closed-group extensions—a longstanding restriction that prohibited the distribution of extensions intended solely for specific user groups. With this policy change, developers are now permitted to submit extensions tailored for defined audiences, user groups, or privileged accounts. These extensions are typically designed for internal or private use within smaller communities, and this new flexibility allows developers to distribute restricted or non-public add-ons more easily and for a wider range of purposes.
Other significant policy adjustments include:
- Clarified data consent and control terminology: The updated data policy now draws a clearer line by permitting extensions to transmit only the data strictly necessary for their functionality. Previously, the policy blurred distinctions between “data collection” and “data transmission”; the new version removes references to data collection and focuses entirely on transmission-related concerns.
- Privacy policies no longer required to be hosted on AMO: In an effort to reduce developer overhead and publishing friction, developers are no longer required to host their privacy policies directly on the Add-ons platform. Instead, they may now reference externally hosted privacy policy pages.
- New policy on user script APIs: Extensions that function as user script managers—tools that allow users to inject custom scripts to alter a website’s appearance or behavior—must adhere to new rules. The updated policy stipulates that the userScripts API may only be used for managing user scripts and may not be repurposed to extend or modify the functionality of the script manager itself.
- Refined source code submission guidelines: All extensions must provide source code suitable for review, whether obfuscated, minified, or machine-generated. The revised policy further specifies that all dependencies must either be included directly in the source code package or retrievable solely via an official package manager during the build process.