Is "Progressive Web Apps for Firefox" on Firefox Add-ons Safe to Install?
Progressive Web Apps (PWAs) are web apps that use web APIs and features along with progressive enhancement strategy to bring a native app-like user experience to cross-platform web applications. Although Firefox supports many of Progressive Web App APIs, it does not support functionality to install them as a standalone system app with an app-like experience. This functionality is often also known as a Site Specific Browser (SSB). This project creates a custom modified Firefox runtime to allow websites to be installed as standalone apps and provides a console tool and browser extension to install, manage and use them. You can check out the installation and usage instructions on our documentation website . You can also check out the project's source code and more information on the GitHub repository . Note: When updating to 2.17.2, you may see a popup from Firefox that the extension may now collect or transmit the browsing activity. This is because according to the Firefox Add-ons Policies, communication with the native messaging host is considered data collection and transmission. No changes regarding the actual transmission have been made. No personal data leave the computer or are sent to third parties. Browsing data (the current website and manifest URLs) is only sent to the native program when installing a web app and stored locally. Note: I will appreciate it if you read and participate in a GitHub discussion to suggest how to make this project more user-friendly and which features would you like the most. You can also read and participate in a GitHub discussion about the documentation website.
Risk Assessment
Analyzed281 security findings detected across all analyzers
Firefox extension requesting 8 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
11 rules(64 hits)Requested Permissions
8 permissionsExchange messages with programs outside the browser
Intercept, modify, and block all network requests
Block network requests before they complete
About This Extension
Detailed Findings
66 totalYARA Rule Matches
11 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 206
detected Domain: offcanvas-xl.show XIOC detected Domain: offcanvas-xl.show
extracted_from_files
detected Domain: object.prototype.tostring.call XIOC detected Domain: object.prototype.tostring.call
extracted_from_files
detected URL: https://pwasforfirefox.filips.si/ XIOC detected URL: https://pwasforfirefox.filips.si/
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox XIOC detected URL: https://github.com/filips123/PWAsForFirefox
extracted_from_files
detected URL: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_scripts XIOC detected URL: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_scripts
extracted_from_files
detected URL: https://www.mozilla.org/about/legal/terms/firefox/ XIOC detected URL: https://www.mozilla.org/about/legal/terms/firefox/
extracted_from_files
detected URL: https://www.mozilla.org/privacy/firefox/ XIOC detected URL: https://www.mozilla.org/privacy/firefox/
extracted_from_files
detected URL: https://github.com/filips123/pwasforfirefox/releases XIOC detected URL: https://github.com/filips123/pwasforfirefox/releases
extracted_from_files
detected URL: https://portableapps.com/download XIOC detected URL: https://portableapps.com/download
extracted_from_files
detected URL: https://signpath.org/ XIOC detected URL: https://signpath.org/
extracted_from_files
detected URL: https://about.signpath.io/ XIOC detected URL: https://about.signpath.io/
extracted_from_files
detected URL: https://packagecloud.io/filips/FirefoxPWA XIOC detected URL: https://packagecloud.io/filips/FirefoxPWA
extracted_from_files
detected URL: https://brew.sh/ XIOC detected URL: https://brew.sh/
extracted_from_files
detected URL: https://github.com/sagiegurari/cargo-make XIOC detected URL: https://github.com/sagiegurari/cargo-make
extracted_from_files
detected URL: https://wixtoolset.org/docs/wix3/ XIOC detected URL: https://wixtoolset.org/docs/wix3/
extracted_from_files
detected URL: https://pwasforfirefox.filips.si/help/faq/#how-to-use-an-alternative-browser-as-an-app-browser XIOC detected URL: https://pwasforfirefox.filips.si/help/faq/#how-to-use-an-alternative-browser-as-an-app-browser
extracted_from_files
detected URL: https://pwasforfirefox.filips.si/help/faq/#how-to-use-fuse-overlayfs-with-the-app-browser XIOC detected URL: https://pwasforfirefox.filips.si/help/faq/#how-to-use-fuse-overlayfs-with-the-app-browser
extracted_from_files
detected URL: https://github.com/microsoft/winget-cli#installing-the-client XIOC detected URL: https://github.com/microsoft/winget-cli#installing-the-client
extracted_from_files
detected URL: https://chocolatey.org/install XIOC detected URL: https://chocolatey.org/install
extracted_from_files
detected URL: https://www.npackd.org/ XIOC detected URL: https://www.npackd.org/
extracted_from_files
detected URL: https://scoop.sh/ XIOC detected URL: https://scoop.sh/
extracted_from_files
detected URL: https://7-zip.org/license.txt XIOC detected URL: https://7-zip.org/license.txt
extracted_from_files
detected URL: https://www.mozilla.org/firefox/ XIOC detected URL: https://www.mozilla.org/firefox/
extracted_from_files
detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox/eula/ XIOC detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox/eula/
extracted_from_files
detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox/privacy/ XIOC detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox/privacy/
extracted_from_files
detected URL: https://www.mozilla.org/firefox/all/ XIOC detected URL: https://www.mozilla.org/firefox/all/
extracted_from_files
detected URL: https://github.com/mozilla/gecko-dev XIOC detected URL: https://github.com/mozilla/gecko-dev
extracted_from_files
detected URL: https://fontsarena.com/metropolis-by-chris-simpson/ XIOC detected URL: https://fontsarena.com/metropolis-by-chris-simpson/
extracted_from_files
detected URL: https://unlicense.org/ XIOC detected URL: https://unlicense.org/
extracted_from_files
detected URL: https://icons.getbootstrap.com/ XIOC detected URL: https://icons.getbootstrap.com/
extracted_from_files
detected URL: https://opensource.org/licenses/MIT XIOC detected URL: https://opensource.org/licenses/MIT
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/blob/main/native/packages/wix/main.wxs XIOC detected URL: https://github.com/filips123/PWAsForFirefox/blob/main/native/packages/wix/main.wxs
extracted_from_files
detected URL: https://7-zip.org/ XIOC detected URL: https://7-zip.org/
extracted_from_files
detected URL: https://www.mozilla.org/MPL/2.0/ XIOC detected URL: https://www.mozilla.org/MPL/2.0/
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/blob/main/LICENSE XIOC detected URL: https://github.com/filips123/PWAsForFirefox/blob/main/LICENSE
extracted_from_files
detected URL: https://www.svgrepo.com/svg/40267/fox XIOC detected URL: https://www.svgrepo.com/svg/40267/fox
extracted_from_files
detected URL: https://github.com/webmaxru/progressive-web-apps-logo XIOC detected URL: https://github.com/webmaxru/progressive-web-apps-logo
extracted_from_files
detected URL: https://creativecommons.org/publicdomain/zero/1.0/ XIOC detected URL: https://creativecommons.org/publicdomain/zero/1.0/
extracted_from_files
detected URL: https://github.com/xiaoxiaoflood/firefox-scripts XIOC detected URL: https://github.com/xiaoxiaoflood/firefox-scripts
extracted_from_files
detected URL: https://github.com/black7375/Firefox-UI-Fix XIOC detected URL: https://github.com/black7375/Firefox-UI-Fix
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/issues/322 XIOC detected URL: https://github.com/filips123/PWAsForFirefox/issues/322
extracted_from_files
detected URL: https://aka.ms/vs/16/release/vc_redist.$ XIOC detected URL: https://aka.ms/vs/16/release/vc_redist.$
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/releases/download/v$ XIOC detected URL: https://github.com/filips123/PWAsForFirefox/releases/download/v$
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/tree/$ XIOC detected URL: https://github.com/filips123/PWAsForFirefox/tree/$
extracted_from_files
detected URL: http:// XIOC detected URL: http://
extracted_from_files
detected URL: https://addons.mozilla.org/api/v5/addons/addon/pwas-for-firefox/ XIOC detected URL: https://addons.mozilla.org/api/v5/addons/addon/pwas-for-firefox/
extracted_from_files
detected Domain: offcanvas-md.show XIOC detected Domain: offcanvas-md.show
extracted_from_files
detected Domain: offcanvas-lg.show XIOC detected Domain: offcanvas-lg.show
extracted_from_files
detected Domain: b.id XIOC detected Domain: b.id
extracted_from_files
detected Domain: offcanvas-xxl.show XIOC detected Domain: offcanvas-xxl.show
extracted_from_files
detected Domain: offcanvas-backdrop.show XIOC detected Domain: offcanvas-backdrop.show
extracted_from_files
detected URL: http://addons.mozilla.org/ca/crl.pem0N XIOC detected URL: http://addons.mozilla.org/ca/crl.pem0N
extracted_from_files
detected Domain: form-control-color.is XIOC detected Domain: form-control-color.is
extracted_from_files
detected Domain: form-check-input.is XIOC detected Domain: form-check-input.is
extracted_from_files
detected Domain: btn.show XIOC detected Domain: btn.show
extracted_from_files
detected Domain: dropdown-menu.show XIOC detected Domain: dropdown-menu.show
extracted_from_files
detected Domain: nav-item.show XIOC detected Domain: nav-item.show
extracted_from_files
detected Domain: modal-backdrop.show XIOC detected Domain: modal-backdrop.show
extracted_from_files
detected Domain: offcanvas-sm.show XIOC detected Domain: offcanvas-sm.show
extracted_from_files
detected Domain: er.call XIOC detected Domain: er.call
extracted_from_files
detected Domain: eg.call XIOC detected Domain: eg.call
extracted_from_files
detected Domain: s.ownerdocument.doctype.name XIOC detected Domain: s.ownerdocument.doctype.name
extracted_from_files
detected Domain: s.select XIOC detected Domain: s.select
extracted_from_files
detected Domain: form-control.is XIOC detected Domain: form-control.is
extracted_from_files
detected Domain: textarea.form-control.is XIOC detected Domain: textarea.form-control.is
extracted_from_files
detected Domain: form-select.is XIOC detected Domain: form-select.is
extracted_from_files
detected Domain: developer.mozilla.org XIOC detected Domain: developer.mozilla.org
extracted_from_files
detected Domain: array.prototype.map.call XIOC detected Domain: array.prototype.map.call
extracted_from_files
detected Domain: e.safe XIOC detected Domain: e.safe
extracted_from_files
detected Domain: e.in XIOC detected Domain: e.in
extracted_from_files
detected Domain: el.call XIOC detected Domain: el.call
extracted_from_files
detected Domain: ei.call XIOC detected Domain: ei.call
extracted_from_files
detected Domain: b.show XIOC detected Domain: b.show
extracted_from_files
detected Domain: scoop.sh XIOC detected Domain: scoop.sh
extracted_from_files
detected Domain: portableapps.com XIOC detected Domain: portableapps.com
extracted_from_files
detected Domain: signpath.org XIOC detected Domain: signpath.org
extracted_from_files
detected Domain: about.signpath.io XIOC detected Domain: about.signpath.io
extracted_from_files
detected Domain: packagecloud.io XIOC detected Domain: packagecloud.io
extracted_from_files
detected Domain: brew.sh XIOC detected Domain: brew.sh
extracted_from_files
detected Domain: wixtoolset.org XIOC detected Domain: wixtoolset.org
extracted_from_files
detected Domain: unlicense.org XIOC detected Domain: unlicense.org
extracted_from_files
detected Domain: icons.getbootstrap.com XIOC detected Domain: icons.getbootstrap.com
extracted_from_files
detected Domain: opensource.org XIOC detected Domain: opensource.org
extracted_from_files
detected Domain: 7-zip.org XIOC detected Domain: 7-zip.org
extracted_from_files
detected Domain: pwasforfirefox.filips.si XIOC detected Domain: pwasforfirefox.filips.si
extracted_from_files
detected Domain: chocolatey.org XIOC detected Domain: chocolatey.org
extracted_from_files
detected Domain: www.npackd.org XIOC detected Domain: www.npackd.org
extracted_from_files
detected Domain: e.build XIOC detected Domain: e.build
extracted_from_files
detected Domain: this.inc XIOC detected Domain: this.inc
extracted_from_files
detected Domain: l.build XIOC detected Domain: l.build
extracted_from_files
detected Domain: www.mozilla.org XIOC detected Domain: www.mozilla.org
extracted_from_files
detected Domain: www.svgrepo.com XIOC detected Domain: www.svgrepo.com
extracted_from_files
detected Domain: creativecommons.org XIOC detected Domain: creativecommons.org
extracted_from_files
detected Domain: fontsarena.com XIOC detected Domain: fontsarena.com
extracted_from_files
detected Domain: e.call XIOC detected Domain: e.call
extracted_from_files
detected URL: https://packagecloud.io/images/packagecloud-badge.png XIOC detected URL: https://packagecloud.io/images/packagecloud-badge.png
extracted_from_files
detected URL: https://packagecloud.io/ XIOC detected URL: https://packagecloud.io/
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox/issues XIOC detected URL: https://github.com/filips123/PWAsForFirefox/issues
extracted_from_files
detected Domain: element.prototype.queryselector.call XIOC detected Domain: element.prototype.queryselector.call
extracted_from_files
detected Domain: this.build XIOC detected Domain: this.build
extracted_from_files
detected Domain: semver.compare XIOC detected Domain: semver.compare
extracted_from_files
detected Domain: t.new XIOC detected Domain: t.new
extracted_from_files
detected Domain: t.group XIOC detected Domain: t.group
extracted_from_files
detected Domain: this.constructor.data XIOC detected Domain: this.constructor.data
extracted_from_files
detected Domain: i.default.off XIOC detected Domain: i.default.off
extracted_from_files
detected Domain: this.data XIOC detected Domain: this.data
extracted_from_files
detected Domain: this.name XIOC detected Domain: this.name
extracted_from_files
detected Domain: o.id XIOC detected Domain: o.id
extracted_from_files
detected Domain: n.group XIOC detected Domain: n.group
extracted_from_files
detected Domain: e.dataset.id XIOC detected Domain: e.dataset.id
extracted_from_files
detected Domain: e.group XIOC detected Domain: e.group
extracted_from_files
detected Domain: a.id XIOC detected Domain: a.id
extracted_from_files
detected Domain: dropelement.id XIOC detected Domain: dropelement.id
extracted_from_files
detected Domain: r.dataset.id XIOC detected Domain: r.dataset.id
extracted_from_files
detected Domain: modal.show XIOC detected Domain: modal.show
extracted_from_files
detected Domain: mousedown.bs XIOC detected Domain: mousedown.bs
extracted_from_files
detected Domain: s.default.off XIOC detected Domain: s.default.off
extracted_from_files
detected Domain: keydown.tab XIOC detected Domain: keydown.tab
extracted_from_files
detected Domain: containerelement.style XIOC detected Domain: containerelement.style
extracted_from_files
detected Domain: i.new XIOC detected Domain: i.new
extracted_from_files
detected Domain: e.click XIOC detected Domain: e.click
extracted_from_files
detected Domain: f.call XIOC detected Domain: f.call
extracted_from_files
detected Domain: t.data XIOC detected Domain: t.data
extracted_from_files
detected Domain: s.name XIOC detected Domain: s.name
extracted_from_files
detected Domain: f.auto XIOC detected Domain: f.auto
extracted_from_files
detected Domain: l.default.off XIOC detected Domain: l.default.off
extracted_from_files
detected Domain: l.default.one XIOC detected Domain: l.default.one
extracted_from_files
detected Domain: element.style XIOC detected Domain: element.style
extracted_from_files
detected Domain: offcanvas.show XIOC detected Domain: offcanvas.show
extracted_from_files
detected Domain: this.show XIOC detected Domain: this.show
extracted_from_files
detected Domain: backdrop.show XIOC detected Domain: backdrop.show
extracted_from_files
detected Domain: d.default.one XIOC detected Domain: d.default.one
extracted_from_files
detected Domain: e.style.top XIOC detected Domain: e.style.top
extracted_from_files
detected Domain: handlers.map XIOC detected Domain: handlers.map
extracted_from_files
detected Domain: m.call XIOC detected Domain: m.call
extracted_from_files
detected Domain: r.top XIOC detected Domain: r.top
extracted_from_files
detected Domain: readme.md XIOC detected Domain: readme.md
extracted_from_files
detected Domain: aka.ms XIOC detected Domain: aka.ms
extracted_from_files
detected Domain: s.call XIOC detected Domain: s.call
extracted_from_files
detected Domain: bs.tab XIOC detected Domain: bs.tab
extracted_from_files
detected Domain: t.target XIOC detected Domain: t.target
extracted_from_files
detected Domain: t.id XIOC detected Domain: t.id
extracted_from_files
detected Domain: i.storage XIOC detected Domain: i.storage
extracted_from_files
detected Domain: o.call XIOC detected Domain: o.call
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: document.body.style XIOC detected Domain: document.body.style
extracted_from_files
detected Domain: array.prototype.map XIOC detected Domain: array.prototype.map
extracted_from_files
detected Domain: e.eventnames.map XIOC detected Domain: e.eventnames.map
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: a.call XIOC detected Domain: a.call
extracted_from_files
detected Domain: c.call XIOC detected Domain: c.call
extracted_from_files
detected Domain: p.call XIOC detected Domain: p.call
extracted_from_files
detected Domain: r.call XIOC detected Domain: r.call
extracted_from_files
detected Domain: n.data XIOC detected Domain: n.data
extracted_from_files
detected Domain: l.data XIOC detected Domain: l.data
extracted_from_files
detected Domain: dropelement.style XIOC detected Domain: dropelement.style
extracted_from_files
detected Domain: mozilla.net XIOC detected Domain: mozilla.net
extracted_from_files
detected Domain: mozilla.org XIOC detected Domain: mozilla.org
extracted_from_files
detected Domain: a.name XIOC detected Domain: a.name
extracted_from_files
detected Domain: n.name XIOC detected Domain: n.name
extracted_from_files
detected Domain: i.data XIOC detected Domain: i.data
extracted_from_files
detected Domain: e.config.name XIOC detected Domain: e.config.name
extracted_from_files
detected Domain: e.manifest.name XIOC detected Domain: e.manifest.name
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: e.style XIOC detected Domain: e.style
extracted_from_files
detected Domain: array.prototype.slice.call XIOC detected Domain: array.prototype.slice.call
extracted_from_files
detected Domain: array.prototype.foreach.call XIOC detected Domain: array.prototype.foreach.call
extracted_from_files
detected Domain: github.com XIOC detected Domain: github.com
extracted_from_files
detected Domain: e.name XIOC detected Domain: e.name
extracted_from_files
detected Domain: firefox.com XIOC detected Domain: firefox.com
extracted_from_files
detected Domain: l.iframe.id XIOC detected Domain: l.iframe.id
extracted_from_files
detected Domain: e.id XIOC detected Domain: e.id
extracted_from_files
detected Domain: e.iframe.style XIOC detected Domain: e.iframe.style
extracted_from_files
detected Domain: iframe.style XIOC detected Domain: iframe.style
extracted_from_files
detected Domain: e.iframe.id XIOC detected Domain: e.iframe.id
extracted_from_files
detected Domain: n.id XIOC detected Domain: n.id
extracted_from_files
detected Domain: g.id XIOC detected Domain: g.id
extracted_from_files
detected Domain: a.data XIOC detected Domain: a.data
extracted_from_files
detected Domain: n.call XIOC detected Domain: n.call
extracted_from_files
detected Domain: e.media XIOC detected Domain: e.media
extracted_from_files
detected Domain: window.top XIOC detected Domain: window.top
extracted_from_files
detected Domain: t.top-i.top XIOC detected Domain: t.top-i.top
extracted_from_files
detected Domain: n.top XIOC detected Domain: n.top
extracted_from_files
detected Domain: l.id XIOC detected Domain: l.id
extracted_from_files
detected Domain: t.call XIOC detected Domain: t.call
extracted_from_files
detected Domain: i.id XIOC detected Domain: i.id
extracted_from_files
detected Domain: browser.pageaction.show XIOC detected Domain: browser.pageaction.show
extracted_from_files
detected Domain: a.auto XIOC detected Domain: a.auto
extracted_from_files
detected Domain: settings.show XIOC detected Domain: settings.show
extracted_from_files
detected Domain: settings.auto XIOC detected Domain: settings.auto
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected IP: e:: XIOC detected IP: e::
extracted_from_files
detected IP: ed:: XIOC detected IP: ed::
extracted_from_files
detected Domain: signingca1.addons.mozilla.org XIOC detected Domain: signingca1.addons.mozilla.org
extracted_from_files
detected Domain: mozilla.com XIOC detected Domain: mozilla.com
extracted_from_files
detected Domain: content-signature.mozilla.org XIOC detected Domain: content-signature.mozilla.org
extracted_from_files
detected Domain: filips.si XIOC detected Domain: filips.si
extracted_from_files
detected Domain: t24025bc9e2f9f74c70ea9e795540951b.842bd654e3888a8a730c16fa4c9ce22d.addons.mozilla.org XIOC detected Domain: t24025bc9e2f9f74c70ea9e795540951b.842bd654e3888a8a730c16fa4c9ce22d.addons.mozilla.org
extracted_from_files
detected URL: https://signpath.org/assets/logo.svg XIOC detected URL: https://signpath.org/assets/logo.svg
extracted_from_files
detected MD5 Hash: 842bd654e3888a8a730c16fa4c9ce22d XIOC detected MD5 Hash: 842bd654e3888a8a730c16fa4c9ce22d
extracted_from_files
detected URL: https://github.com/filips123/PWAsForFirefox?sponsor=1 XIOC detected URL: https://github.com/filips123/PWAsForFirefox?sponsor=1
extracted_from_files
detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox XIOC detected URL: https://addons.mozilla.org/firefox/addon/pwas-for-firefox
extracted_from_files
detected Domain: element.prototype.queryselectorall.call XIOC detected Domain: element.prototype.queryselectorall.call
extracted_from_files
detected Domain: v.off XIOC detected Domain: v.off
extracted_from_files
detected IP: ::f XIOC detected IP: ::f
extracted_from_files
Security Analysis Summary
Security Analysis Overview
Progressive Web Apps for Firefox is a Firefox Add-ons extension published by Filip Štamcar. Version 2.18.2 has been analyzed by the Risky Plugins security platform, receiving a risk score of 100/100 (CRITICAL risk) based on 281 security findings.
Risk Assessment
This extension presents critical security risk. Severe issues were detected, potentially including malware indicators, exposed secrets, or dangerous behaviors. Installation is strongly discouraged until these issues are addressed.
Findings Breakdown
- High: 64 finding(s)
- Medium: 217 finding(s)
What Was Analyzed
The security assessment covers multiple analysis categories:
- Malware Detection: YARA rule matching against 2,400+ malware signatures
- Secret Detection: Scanning for exposed API keys, tokens, and credentials
- Static Analysis: Code-level security analysis for common vulnerability patterns
- Network Analysis: Detection of suspicious network communications and endpoints
- Obfuscation Detection: Identification of code obfuscation techniques
Developer Information
Progressive Web Apps for Firefox is published by Filip Štamcar on the Firefox Add-ons marketplace. The extension has approximately 17K users.
Recommendation
This extension is not recommended for installation without thorough manual review. Consider alternatives with lower risk scores, or contact the developer to address the identified security concerns.
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace