Mozilla has been battling for a while now to prevent third-party add-ons from installing automatically. Plenty of apps add their extensions, toolbars and so on to browsers.
For a while, they could do this without users even noticing that the add-ons were installed.
Then Firefox started purging add-ons at each update, searching for those that had been added automatically and asking users to enable them if they really wanted them. Otherwise, they would be disabled automatically.
But this isn't enough: there are still plenty of add-ons that get installed with little oversight from the user, which is why Mozilla is now making its add-on installation policies clearer.
There should be only two ways an add-on can be installed. Users can install the extensions explicitly from the Mozilla Add-on repository or from other sites for self-hosted add-ons.
The second option is an external install that has to notify the user and ask for permission in the browser before proceeding.
In practice, this means a new tab in which the user is notified that an add-on is being installed and where he or she has to check the "Allow this installation" box to continue.
What's more, Mozilla is banning all modifications to this page or to the notifications, to make sure users are informed.
"There are two differences between this and previous policy. First, we used to allow a hybrid install method where an external installer opened Firefox and opened a new tab pointing directly to the XPI installer," Mozilla's Jorge Villalobos writes.
"After discussion with the SUMO team, we now realize that this isn’t clear enough for our users. Secondly, we’re making it clear that we’re not okay with installers placing information on top of the opt-in screen. This was becoming a trend in application installers and we hadn’t taken a clear position as to whether this was allowed or not," he said.
The end result should be fewer add-ons that sneak past and embed themselves into Firefox. This should translate into a faster Firefox for most users and a better feeling of control over the browser.