This does not increase privileges of the attacker: If the attacker can modify Firefox's profile directory it could also inject something into firefox or read the cookies directly.