Yeah, that attemp at positive spin won't fly here, not with this audience. Silent sideload of a paid-placement extension that changes headers and page content is not an easter egg. Maybe if it were activated by a ctrl sequence, but even then... this is a hole in perimeter security. It's the sort of thing that makes me reconsider my institution's security policy to sanction Firefox as a supported and authorized browser. Not cool Mozilla, we can get by with chrome and IE / Edge... MS might not be bleeding edge in browsers but at least they understand this sort of Enterprise requirement. MS might pull some ad placement bs on windows home, but they were smart enough to avoid it with pro.
Well, thankfully the extension did not actually do anything at all. You would have had to manually enable it in about:config, before it would have done what you described.
