[accounthere]

Desktop Firefox has had extensions for years and I've never seen it become malware.

[dkonofalski]

That's only because you personally don't download it. I can't tell you how many times my uncle has installed a new "search toolbar" for Firefox that I've then had to disable. Luckily, disabling an extension is trivial. For the non-savvy user, though, it's still an issue.

[soapdog]

thats why the process changed and now extensions need to be signed and reviewed.

Firefox stable will not install add-ons from outside the Mozilla add-ons site by default

[dkonofalski]

Unless you change a single setting that allows you to do so. Guess how many of those malware toolbars pop-up a message that says "Click here and select this option to allow us to fix the issues with your system"?

[heinrich5991]

You simply can't disable it in future versions of Firefox.

[jamesgeck0]

I've definitely seen copies of desktop Firefox running malicious extensions. Mozilla somewhat discourages installing extensions that aren't on the official add-ons website (and thus haven't gone through an App-Store-like review process), but people do it anyway.

[kuschku]

And from the next version on, extensions installed from a non-accepted store are disabled and can’t be installed.

(Yes, as a developer, you can just add extensions, or as company, you can add your own certificate.