Traditionally, browsers such as Mozilla’s Firefox and Google’s Chrome have allowed their users to install extensions from any source so that they can customize their experiences and offer incentives for third-party developers to create services for the browsers. Recently, however, both companies have completely turned away from this philosophy due to a huge increase in cyber-attacks and some specific instances where users from both browsers got infected by malicious extensions. And while this road has definitely reduced outbreaks from unapproved extensions and add-ons, it is an annoying restriction for those among us who have always sought extensions from multiple places and not just the official stores.
Google’s extension changes were first announced in May 2014 and they came into full effect approximately a year later. Around that time, users could still switch to the Developer channel and install any extension that they wanted but the company later changed that too. Now, developers can load unpacked extension via the Developer mode service so they can no longer distribute extension files in the .crx format because they simply do not work. Even when developers load unpackaged extensions, Chrome issues a warning every time it opens as Google did not want the mode to be used for malicious purposes.
The bottom line is that no matter what you do, you simply cannot install unauthorized browser extensions on Chrome itself. If you really want to use some extensions which reside outside the Chrome Web Store then you will have to install another Chromium browser that supports them, such as Opera. The Chromium project as a whole has issued the same extension bans found in Google’s Chrome so Opera may actually be your best bet. That or Tampermonkey scripts which we will look into more detail further below.
Mozilla is following on Google’s footsteps in regards to extensions as the company now also considers them to be security breaches which have to be controlled though it is taking a somewhat different route. First of all, users can indeed install extensions found outside the Mozilla Add-ons Gallery and they will be able to do so freely until Firefox 44, a version which will arrive in January 2016. When that version arrives, extensions will need to be signed by Mozilla otherwise they will not work on Firefox. This means that approved developers will still be able to host extensions outside the official store but only after they have gone through the company.
For more advanced users, a possible solution is to switch to the Firefox Developer Edition which comes with built-in developers tools or even Firefox Nightly, the highly experimental version of Firefox which constantly tests out new features so it is not supposed to be stable.
Mozilla has also said that it will release “special unbranded versions” of both the Release and Beta versions of its browser with two major differences. First, these versions will use a generic name and logo instead of the Firefox ones and secondly, they will allow you to remove the restrictions for extensions so you can install whatever you want. To disable signature checks for extensions in those browsers, type about:config into the Address bar and press Enter. Then, search for xpinstall.signatures.required and double click on the result that appears. Its value should have changed to “false” now, meaning it is disabled and that you can get out of that page whenever you want.
Bonus: User scripts
User scripts can best be described as something between a full extension and a bookmarklet. To take advantage of those scripts, users must first install Greasemonkey (for Firefox) or Tampermonkey (for Chrome). After you have done that you can find user scripts that will automatically run on certain pages and perform relevant tasks. For instance, the “YouTube Auto Buffer & Auto HD” script will automatically buffer videos in high definition without auto-playing them first.
GreasyFork and OpenUserJS are two user script repositories that are still getting updated but you can find user scripts everywhere on the internet. Your best bet is to search for a specific function on a search engine along with a string such as “user scripts” or, better yet, “.user.js”. These tools will not really replace extensions but some of you may find them enough.