"...Now, for a piece of software that has just started up, how does it know that a plug-in has been installed sneakily by another app acting as admin, rather than the user choosing to install it? Really, how?..."
Presumably there is a directory where the plugins live? In which case, really simply, it could just look to see if any files have been added since last time it was run.
If you want a bit more security round it, the program could store a list of cryptographic hashes of the plugins which have been legitimately installed and that way detect tampering with existing plugins or the list of previously oked plugins.
The problem is that FF doesn't seem to be even trying here.
- Asteroid's DINO KILLING SPREE just bad luck – boffins
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- Stick a 4K in them: Super high-res TVs are DONE
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad