A researcher successfully scraped and installed all 84,194 available Firefox extensions to test browser performance, revealing significant stability issues and widespread security risks within the add-on ecosystem.

Key Points

• The project involved scraping the public Firefox add-ons API to download every available extension, totaling approximately 50 gigabytes of data.
• Analysis identified numerous malicious extensions, including phishing tools designed to steal cryptocurrency seed phrases and Potentially Unwanted Applications (PUAs).
• The largest extension, dmitlichess, measured 196.3 MB, while the most prolific developer published 84 separate extensions.
• Attempting to run all extensions simultaneously caused Firefox to consume up to 37 GB of RAM and rendered the browser effectively unusable.
• The researcher documented that 34.3% of all extensions have zero daily users, while 76.7% are open-source.
• The full dataset of extensions has been uploaded to Hugging Face for further community analysis.

Why it Matters

This experiment highlights the extreme performance limitations of modern browsers when managing massive extension libraries and exposes the prevalence of low-quality or malicious software in public repositories. It serves as a cautionary tale for users regarding the security risks of installing obscure add-ons and the potential for browser-based data exploitation.