Firefox Extensions

Overview

Evidence: Firefox Extensions
Description: Collect Firefox Extensions (Addons)
Category: Applications
Platform: windows
Short Name: fext
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Firefox extensions (add-ons) enhance browser functionality but can pose significant security risks. Malicious extensions can steal credentials, inject ads, track browsing activity, exfiltrate data, and modify web content. Understanding installed extensions is crucial for detecting browser-based attacks and unauthorized access.

Data Collected

This collector gathers structured data about Firefox extensions.

Firefox Extensions Data

| Field | Description | Example |
| --- | --- | --- |
| ExtensionID | Extension ID | Example value |
| SyncGUID | Sync GUID | Example value |
| Version | Version | Example value |
| Username | Username | Example value |
| Type | Type | Example value |
| Name | Name | Example value |
| Description | Description | Example value |
| Visible | Visible | true |
| Active | Active | true |
| UserDisabled | User Disabled | true |
| AppDisabled | App Disabled | true |
| Path | Path | Example value |
| DefaultLocale | Default Locale | Example value |
| Hidden | Hidden | true |
| InstallTelemetryInfo | Install Telemetry Info | Example value |
| Location | Location | Example value |
| ManifestVersion | Manifest Version | 123 |
| OptionsURL | Options URL | Example value |
| OptionsType | Options Type | 123 |
| SourceURI | Source URI | Example value |
| SignedState | Signed State | 123 |
| Incognito | Incognito | Example value |
| UserPermissions | User Permissions | Example value |
| OptionalPermissions | Optional Permissions | Example value |
| InstallDate | Install Date | 2023-10-15 14:30:25+03:00 |
| UpdateDate | Update Date | 2023-10-15 14:30:25+03:00 |
| SignedDate | Signed Date | 2023-10-15 14:30:25+03:00 |

Collection Method

This collector parses Firefox extensions.json and addons.json files from user profiles to extract installed extension information including names, IDs, versions, descriptions, permissions, and installation sources.

Forensic Value

Firefox extension data provides insight into potential compromise vectors and data exfiltration paths. Malicious or suspicious extensions may indicate phishing attacks, credential theft, adware infections, or privacy violations. This evidence helps identify attack entry points, persistence mechanisms, and unauthorized browser modifications.
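The following added example (not the collector's own code) sketches the parsing step described under Collection Method and a first-pass review of the kind described under Forensic Value. It maps records from an extensions.json file onto a subset of the field names in the table above. The sample records, the username and the triage rules are assumptions made for illustration; the JSON key names follow Firefox's extensions.json layout.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like a profile's extensions.json (not real data).
SAMPLE = json.dumps({"addons": [
    {"id": "reader@example.invalid", "version": "1.2.0", "type": "extension",
     "active": True, "location": "app-profile", "signedState": 2,
     "installDate": 1697369425000,
     "sourceURI": "https://addons.mozilla.org/placeholder.xpi",
     "defaultLocale": {"name": "Reader Helper"},
     "userPermissions": {"permissions": ["storage"], "origins": []}},
    {"id": "helper@example.invalid", "version": "0.1", "type": "extension",
     "active": True, "location": "app-profile", "signedState": 0,
     "installDate": 1697369425000, "sourceURI": None,
     "defaultLocale": {"name": "Helper"},
     "userPermissions": {"permissions": ["cookies"], "origins": ["<all_urls>"]}},
]})

def ms_to_utc(ms):
    """extensions.json stores dates as milliseconds since the Unix epoch."""
    if not ms:
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def parse_extensions(text, username):
    """Map each add-on record onto a subset of the collector's field names."""
    rows = []
    for a in json.loads(text).get("addons", []):
        perms = a.get("userPermissions") or {}
        rows.append({
            "ExtensionID": a.get("id"), "Username": username,
            "Name": (a.get("defaultLocale") or {}).get("name"),
            "Version": a.get("version"), "Type": a.get("type"),
            "Active": a.get("active"), "Location": a.get("location"),
            "SignedState": a.get("signedState"), "SourceURI": a.get("sourceURI"),
            "InstallDate": ms_to_utc(a.get("installDate")),
            "UserPermissions": (perms.get("permissions") or []) + (perms.get("origins") or []),
        })
    return rows

def triage(row):
    """Review heuristics (assumptions of this example, not collector logic)."""
    reasons = []
    if row["Location"] == "app-profile" and (row["SignedState"] or 0) < 2:
        reasons.append("not fully signed")  # Firefox uses 2 for a signed add-on
    if not str(row["SourceURI"] or "").startswith("https://"):
        reasons.append("no HTTPS install source")
    if "<all_urls>" in row["UserPermissions"]:
        reasons.append("access to all sites")
    return reasons
```

Rows that return a non-empty list from `triage` are candidates for manual review, not confirmed findings.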
