View Other Properties

Contents

View Other Properties

How to List Firefox Add-ons Across All Mac, Windows, and Linux Devices

Using Kolide, You Can Easily View and Query Firefox Add-ons Across Your Fleet.

Introduction

Mozilla Firefox provides the ability to extend the core functionality of the browser via the installation of 'addons'. Addons may be published by Mozilla or by 3rd party authors, and can be distributed either through the Mozilla Firefox Addons or via manual download and installation.

A small subset of extensions are installed by default by Firefox (eg. Firefox Screenshots, Form Autofill, Google Search, Wikipedia, etc.).

Firefox addons are installed on a per-profile basis and can be enabled or disabled while remaining installed.

Firefox Addons can do, among other things: Extend the functionality of Mozilla Firefox (such as integrating with installed apps like 1Password) Customize the appearance of Mozilla Firefox through the installation of 'Theme' extensions

Kolide collects metadata about Mozilla Firefox addons such as their name, their publisher, their version, and whether they are enabled.

What Firefox Add-on Data Can Kolide Collect?

Kolide's endpoint agent bundles in osquery to performantly collect Firefox Add-ons from Mac, Windows, and Linux devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.

Kolide metliciously documents every piece of data returned so you can understand the results.

Firefox Add-ons Schema

Column Type Description
id Primary Key

Unique identifier for the object

device_id Foreign Key

Device associated with the entry

device_name Text

Display name of the device associated with the entry

active Boolean

true If the Firefox add-on is active otherwise false

addon_type Enum::Text

The type of Firefox add-on

Can be one of the following:

  • dictionary
  • extension
  • theme
  • webextension
autoupdate Boolean

true If the Firefox add-on applies background updates otherwise false

creator Text

Firefox add-on creator string

description Text

Author supplied description of the Firefox add-on

disabled Boolean

true If the Firefox add-on is application-disabled otherwise false

identifier Text

The unique identifier for the Firefox add-on

location Text

Global, profile location

mozilla_addons_average_daily_users Bigint

The average daily users for this add-on in the Mozilla Add-Ons directory

mozilla_addons_average_rating Float

The average rating (0 - 5) for this add-on in the Mozilla Add-Ons directory

mozilla_addons_icon_url Text

The Mozilla Add-Ons url of the icon

mozilla_addons_latest_version Text

The latest version available for this add-on in the Mozilla Add-Ons directory

mozilla_addons_report Jsonb

The raw JSON response from Mozilla Add-Ons directory

mozilla_addons_signed_by_mozilla Boolean

true if the add-on is verified and signed by Mozilla. More Information

mozilla_addons_updated_at Timestamp

The freshness of the Mozilla Add-Ons directory data associated with this Add-On

mozilla_addons_weekly_downloads_count Bigint

The weekly downloads count for this add-on in the Mozilla Add-Ons directory

name Text

The display name of the Firefox add-on

native Boolean

true If the Firefox add-on includes binary components otherwise false

path Text

Path to Firefox add-on bundle

source_url Text

URL that installed the Firefox add-on

uid Bigint

The local user that owns the Firefox add-on

visible Boolean

true If the Firefox add-on is shown in browser otherwise false

version Text

The text representation of the version

version_major Bigint

version's semver major version (ex: 4.2.1 would yield 4)

version_minor Bigint

version's semver minor version (ex: 4.2.1 would yield 2)

version_patch Bigint

version's semver patch version (ex: 4.2.1 would yield 1)

version_subpatch Bigint

version's numeric status fourth position number (ex: 4.2.1.6 would yield 6)

version_pre Text

version's semver pre-release version (ex: 1.2.3-prerelease+build would yield pre-release)

version_build Text

version's semver build version (ex: 1.2.3-prerelease+build would yield build)

collected_at Timestamp

Time the row of data was first collected in the database

updated_at Timestamp

Time the row of data was last changed in the database

What Can You Do With This Information?

Kolide enables you to write your own queries against the data the agent collects. This allows you to build your own reports and API endpoints. For example, you can:

Search for installations of browser extension by name (1Password)
Kolide SQL
WITH 
collated_extensions AS (
  SELECT
    device_id,
    browser_type AS browser,
    uid, 
    name, 
    identifier, 
    version, 
    '' AS profile
  FROM device_chrome_extensions
  UNION ALL
  SELECT
    device_id,
    'firefox' AS browser,
    uid, 
    name, 
    identifier, 
    version, 
    '' AS profile
  FROM device_firefox_addons
  UNION ALL
  SELECT
    device_id,
    'safari' AS browser,
    uid, 
    name, 
    team_identifier AS identifier, 
    version, '' AS profile
  FROM mac_safari_extensions
  )
  SELECT 
    COUNT(*) AS install_count, 
    name, 
    browser, 
    identifier, 
    version 
  FROM collated_extensions 
  WHERE name ILIKE '%1password%'
  GROUP BY identifier, name, browser, version
  ORDER BY install_count DESC
  LIMIT 10
Example Results
name browser version identifier install_count
1Password – Password Manager chrome 2.3.4 aeblfdkhhhdcdjpifhhbdiojplfjncoa 27
1Password extension (desktop app required) chrome 4.7.5.90 aomjjhallfgjeglblehebfpbcfeobpgk 11
1Password – Password Manager chrome 2.3.3 aeblfdkhhhdcdjpifhhbdiojplfjncoa 8
1Password – Password Manager chrome 2.3.2 aeblfdkhhhdcdjpifhhbdiojplfjncoa 8
1Password safari 7.9.5 2BUA8C4S2C 8
1Password safari 7.9.2 2BUA8C4S2C 7
1Password – Password Manager firefox 2.3.3 {d634138d-c276-4fc8-924b-40a0ea21d284} 4
1Password safari 7.8 2BUA8C4S2C 4
1Password beta (desktop app required) chrome 4.7.6.2 phicbbndgmmpogmijjkbmdhpioaieaha 4
1Password for Safari safari 2.2.3 2BUA8C4S2C 3

Why Should I Collect Firefox Add-ons?

Due to the high-value of a user's browser activity, Mozilla Firefox is a frequent target of malware authors who wish to obtain secure details about an end-user (eg. sites they visit, credit cards they use, etc.) and its extension configuration should be regularly audited to ensure that they are not at risk of attack.

Firefox addon installations are cataloged and tracked to facilitate a number of potential purposes, for example:

  • Reviewing installed addons to verify the desired configuration of Firefox (eg. 1Password extension is installed)
  • Discovering potential malicious addons

End-User Privacy Consideration

Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.

Addons which you install could reveal suggestive details about your personal browsing habits if they are named after a specific service you utilize. For example:

  • eBay Bid Sniper
  • Adult Website Video Downloader
  • Netflix Region Unblocker
  • Firefox BitCoin Miner

When you use Kolide to list Firefox Add-on data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed by employees through Slack or Google Workspace account.

Share this story:

Related Device Properties:

New
Mac Safari Extensions
apple, software, web-browsers, extensions
New
Chrome Extensions
google, software, web-browsers, extensions
New
VSCode Extensions
software, extensions, ide, developers
View full list of Kolide's Device Properties
Try Kolide Free
Try Kolide Free