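To protect the safety and interests of Firefox users, Mozilla requires all add-ons to comply with a set of policies on acceptable practices. The specific policies that apply depend on several circumstances, most importantly whether the add-on is hosted on addons.mozilla.org (AMO for short), and how the add-on is otherwise distributed.
This document outlines the policies that add-ons of different categories are expected to follow. Regardless of an add-on's category, these policies are enforced through a mandatory review process carried out by AMO, together with mandatory code-signing checks performed by Firefox.
Listed on AMO
Add-ons listed on AMO must be reviewed by human reviewers. Before review begins, users can access the add-on directly through a link to its details page, but it is not shown to the public anywhere else. Once approved, the add-on gets a public page, including screenshots, a description and user reviews; it also appears in search results, collections and occasional recommendations. Existing users automatically receive version updates published to AMO.
There are two review tracks for add-ons listed on AMO, with different requirements and feature support.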
- Add-ons in the preliminary review track undergo full, though less detailed, code review, but in general do not undergo functional testing. These add-ons must not cause security problems, or seriously hamper the usability of the browser, but otherwise have few qualifications. As a result, these add-ons are displayed less prominently in search results, and their listing pages warn users about potential quality issues prior to installation.
Unlisted add-ons must be uploaded to AMO prior to distribution, but are otherwise not accessible to the public via the site. These add-ons must be distributed elsewhere by their publishers. Depending on the manner of distribution, unlisted add-ons undergo a fully-automated review, with possible post-signing code reviews.
While these add-ons are automatically signed, they are held to very similar standards to those of listed add-ons. The primary difference is that these add-ons must manage their own updates.
|Reduces the security of HTTPS sites||✘||✘||✘|
|Changes Firefox preferences without user consent||✘||✘|
|Violates the Mozilla acceptable use policy||✘||✘||✘|
Because add-ons run in an environment with elevated privileges relative to ordinary web pages, they present a very serious set of security considerations. They have the potential to open security holes not only in the add-ons themselves, but also in the browser, in web pages, and in particularly worrying cases, the entire system the browser is running on. As a result, we take our security policies very seriously, and apply most of them to all add-ons, whether hosted on AMO or not. We expect all add-ons to be secure, not only in their handling of their own data, and of user data, but also in all of their interaction with the web, the browser, and the operating system.
We take user sovereignty and privacy extremely seriously. Whether hosted on AMO or not, we require all add-ons to respect users' choices and their reasonable expectations of privacy. In particular, this means that add-ons may not limit users' control of their browsers by making it impossible to permanently change settings (such as the homepage or search engine), preventing users from uninstalling them, hiding their presence from users, or installing toolbar buttons or other UI elements which cannot be permanently removed via the UI customization process.
Features like advertising or certain forms of user activity tracking may be required to be opt-in, or at least opt-out, depending on the privacy and security impact, and whether the feature is necessary for the add-on to function or not. Since these are usually additional monetization features that are unrelated to what the add-on is meant to do, they generally require an opt-in for listed add-ons and an opt-out for unlisted ones. Some forms of tracking, like gathering all visited URLs, are generally forbidden even for unlisted add-ons. The decision to activate or deactivate these features and its implications must be clearly presented to the user.
We expect all add-ons to work without significantly degrading users' experience with the browser. In particular, add-ons may not adversely affect browser performance, break built-in features, or damage the user interface. For add-ons listed on AMO and requesting full review, we likewise expect a consistent, generally positive user experience for any functionality provided by the add-on.
While we have no interest in controlling the types of functionality provided by add-ons in the wild, there are certain types of content that addons.mozilla.org cannot host. In particular, all content hosted on the site must conform to the laws of the United States, and comply with the Mozilla acceptable use policy.
Add-ons may contain binary, obfuscated and minified source code, but Mozilla must be allowed to review a copy of the human-readable source code of each version of an add-on submitted for review. In such cases, the author will receive a message when the add-on is reviewed indicating whom to contact at Mozilla to coordinate review of the source code. This code will be reviewed by an administrator and will not be shared or redistributed in any way. The code will only be used for the purpose of reviewing the add-on.
Instructions for reproducing obfuscation are also required; please read the details of this guideline to ensure a swift review.
If your add-on contains code that you don't own or can't get the source code for, you may contact us for information on how to proceed.
Add-ons that don't meet the bar for Unlisted Web Install may qualify for blocklisting, depending on the extent of their problems. The Add-ons Team will do their best to contact the add-on's developers and provide a reasonable time frame for the problems to be corrected before a block is deployed. If an add-on is considered malicious or its developers have proven unreachable or unresponsive, or in case of repeat violations, blocklisting may be immediate.