High-risk tools in Firefox MCP Server
14 of the 29 tools in Firefox MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_launchExecuteLaunch Firefox browser with multi-session support and comprehensive debugging capabilities. Perfect for testing web applications, multiplayer games, and Phoenix LiveView apps.
-
debug_monitoring_startExecuteStart or restart comprehensive monitoring for console logs, errors, network activity, and WebSocket messages.
-
element_waitExecuteWait for specific elements to appear or become visible. Essential for handling dynamic content and loading states.
-
javascript_executeExecuteExecute custom JavaScript code in the browser context. Powerful for advanced DOM manipulation, data extraction, and custom interactions.
-
page_navigateExecuteNavigate to a specific URL in the browser. Works with any web page or web application.
-
debug_helpers_injectExecuteInject custom debugging utilities and helper functions into the page context for enhanced debugging capabilities.
-
element_clickExecuteClick on any element using CSS selector or exact coordinates. Essential for interacting with buttons, links, and UI elements.
-
element_dragExecutePerform drag and drop operations or move sliders/draggable elements with smooth animations and precise control.
-
history_backExecuteNavigate back in browser history, like clicking the back button.
-
history_forwardExecuteNavigate forward in browser history, like clicking the forward button.
-
input_typeExecuteType text into input fields, text areas, or any editable element. Perfect for form filling and text input.
-
keyboard_pressExecuteSend keyboard events with support for modifier keys and repetition. Ideal for arrow keys, shortcuts, and special key combinations.
-
page_reloadExecuteReload the current page, refreshing all content and JavaScript state.
-
session_createExecuteCreate a new browser session (tab) with complete isolation - separate cookies, storage, and debugging. Essential for multi-user testing scenarios.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.