The target is not illegal malware which, as you say, would do anything. But there's a vast amount of detrimental foistware doing malicious things (e.g. injecting ads, tracking) under legal cover because the user somewhere forgot to uncheck some light-grey box in an installer. Anyone tried to install something from Sourceforge lately?
Modifying the Firefox installation directory would get flagged by any anti-virus, but software using the defined extension points does not -- the user "agreed" to it.
Right, but my point is that if some bit of adware is capable of checking that box without being able to do far more nefarious things (like outright patching/replacing Firefox itself), then one particular symptom of that ability ought to be the least of users' - and Mozilla's - concerns; that indicates an ability to modify the execution state of a program during runtime, in which case probably nothing on that computer is safe.
Modifying the Firefox installation directory would get flagged by any anti-virus, but software using the defined extension points does not -- the user "agreed" to it.