[Spivak]

No, they make every effort to ensure that installing extensions outside the store is annoying so that you can't push your malware by just having users download and install it. This kind of malware plagued Firefox for years until they made extension signing mandatory

[saurik]

If I am in a position to install random shit into Firefox I am also in a position to just modify Firefox, so that doesn't accomplish anything at all except remove functionality from users.

[enedil]

Except most targets won't modify their Firefox.

[saurik]

I think I am not understanding your use of the word "target" here, as I would have expected that to be the person being targeted by the malware install, but that person isn't someone who by definition even knows what is going on: it is the attacker who is choosing to install something into Firefox without the express knowledge of the target, and so it is the attacker whom I am noting is able to choose to instead modify Firefox; if the target were making the decision to install the extension then clearly they should be allowed to do whatever they legitimately want to do with their software.