Vulnerabilities in Firefox extensions

by certifiedbug on November 23, 2009


At the SecurityByte & OWASP AppSec Conference in India, security consultants Roberto Suggi Liverani and Nick Freeman demonstrated bugs in several popular Firefox extensions, including three zero-days.

Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security boundaries between extensions and, to make things even worse, an extension can silently modify another extension.

Any Mozilla application with the extension system is vulnerable to the same type of issues. Extension vulnerabilities are platform independent and can result in full system compromise.

http://www.net-security.org/secworld.php?id=8527
