How to add Firefox DevTools MCP to Cursor
Automate and inspect Firefox via WebDriver BiDi (Selenium) from any MCP client. Paste the config into ~/.cursor/mcp.json and restart Cursor.
Last updated June 14, 2026 · 228★ · stdio · no auth · official
Cursor config for Firefox DevTools MCP
claude mcp add firefox-devtools npx @mozilla/firefox-devtools-mcp@latest{
"mcpServers": {
"firefox-devtools-mcp": {
"command": "npx",
"args": [
"-y",
"@mozilla/firefox-devtools-mcp@latest",
"--headless",
"--viewport",
"1280x720"
],
"env": {
"START_URL": "about:blank"
}
}
}
}Setup steps
- 1Open Cursor → Settings → MCP → Add new MCP server (or edit ~/.cursor/mcp.json directly).
- 2Paste the Firefox DevTools MCP config below into the "mcpServers" object.
- 3Fill in placeholder secrets, then save.
- 4Cursor reloads MCP servers automatically — check Settings → MCP for a green status dot.
- 5Ask Cursor to use one of Firefox DevTools MCP's tools to confirm it's connected.
Before you start
- Node.js >= 20.19.0
- Firefox 100+ installed locally (auto-detected, or pass --firefox-path)
- For Firefox for Android: adb on your PATH (geckodriver is managed automatically)
What Firefox DevTools MCP can do in Cursor
list_pagesList the open pages (tabs) in the browser.
new_pageOpen a new page (tab).
navigate_pageNavigate the selected page to a URL.
select_pageSelect the active page to operate on.
close_pageClose a page (tab).
take_snapshotTake an accessibility-tree snapshot of the page, producing UIDs for elements.
click_by_uidClick an element identified by its snapshot UID.
hover_by_uidHover over an element identified by its snapshot UID.
Security
Browser MCP servers carry inherent risks. Use a dedicated Firefox profile (never your regular one) since the agent can access whatever the browser can reach, including cookies and saved sessions. Be cautious about which sites you visit, as pages can return content designed to manipulate the agent (prompt injection). Avoid enabling extra flags unless needed: `--enable-script` and `--enable-privileged-context` significantly expand what the agent can do. Do not leave Marionette enabled during normal browsing in connect-existing mode, as it changes browser fingerprint signals and can trigger bot detection. See SECURITY.md for a full breakdown.
Firefox DevTools MCP + Cursor FAQ
Where is the Cursor config file?
Cursor reads MCP servers from ~/.cursor/mcp.json. Paste the Firefox DevTools MCP config there under the "mcpServers" key and restart the client.
Is Firefox DevTools MCP safe to use with Cursor?
Browser MCP servers carry inherent risks. Use a dedicated Firefox profile (never your regular one) since the agent can access whatever the browser can reach, including cookies and saved sessions. Be cautious about which sites you visit, as pages can return content designed to manipulate the agent (prompt injection). Avoid enabling extra flags unless needed: `--enable-script` and `--enable-privileged-context` significantly expand what the agent can do. Do not leave Marionette enabled during normal browsing in connect-existing mode, as it changes browser fingerprint signals and can trigger bot detection. See SECURITY.md for a full breakdown.
Can this run on a cloud MCP host like glama.ai?
No. The server requires a local Firefox browser installation and cannot run on cloud hosting services. Run it locally with `npx @mozilla/firefox-devtools-mcp@latest`, or use Docker with the provided Dockerfile.
How do I run arbitrary JavaScript in the page?
The evaluate_script tool is disabled by default. Enable it with the --enable-script flag (or ENABLE_SCRIPT=true). Privileged scripts and other privileged-context tools additionally require --enable-privileged-context and MOZ_REMOTE_ALLOW_SYSTEM_ACCESS=1.
Can I automate my real, logged-in Firefox session?
Yes, via connect-existing mode: start Firefox with `firefox --marionette`, then run the server with `--connect-existing --marionette-port 2828`. BiDi-dependent features (console and network events) are unavailable in this mode, but all other features work. Do not leave Marionette enabled during normal browsing, as it changes fingerprint signals and can trigger bot detection.