Firefox is easily extended via add-ons. And the way extensions work makes it relatively easy for bad guys to inject malware that would be difficult to detect and remove.
So for example, any data (including keystrokes, form data, history, etc) could then be harvested directly from the browser and/or its network traffic and sent to a third-party offsite server. Ouch!
For a better understanding of this potential problem read about FFSpy. And to learn about why the extension subsystem in Firefox is fundamentally flawed read what Ralas Los has to say about this situation.
Now think about this for a moment. What if someone infects a popular add-on like NoScript, FlashBlock, GreaseMonkey, WebDeveloper, or Firebug? What tools do you have to find that infection and eradicate it?