Starting in November 2025, Mozilla will require Firefox extension developers to clearly state whether their add-ons collect or share user data with third parties.
The new rule aims to improve transparency and help users make informed decisions before installing extensions.
Beginning November 3, 2025, developers must include details about their data practices in the manifest.json file using a new key called browser_specific_settings.gecko.data_collection_permissions. Mozilla plans to make this requirement mandatory for all existing extensions during the first half of 2026.
Developers will need to specify if their extensions collect personally identifiable information such as names, email addresses, search terms, or browsing activity data like visited domains and URLs. Even if an extension does not collect any personal data, it must explicitly state so to ensure full transparency.
This information will be shown to users when they install an extension, alongside its requested permissions. It will also appear on the add-on’s listing page on addons.mozilla.org and in the “Permissions and Data” section of Firefox’s add-on management page.
Mozilla says users will be able to accept or reject data collection just like they do with permission requests. Extensions that fail to declare their data collection policies properly will be blocked from submission to Mozilla’s add-on repository, and developers will receive error messages explaining the issue.
This new disclosure rule will initially apply only to newly submitted extensions. Existing add-ons will need to comply once they update to use the new framework.
Mozilla has been rolling out several updates to strengthen extension security and transparency. Last month, it announced that developers would be allowed to roll back to previously approved versions to fix urgent bugs.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Earlier in June, Mozilla also introduced a new security feature to prevent malicious extensions from draining users’ cryptocurrency wallets.
