I've developed a few browser extensions, and every week I receive numerous emails with "revenue offer". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations" that don't look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.
Exactly why most enterprise organizations disable them. You should too if you’re doing anything sensitive data.
That’s why on my work PC I use a completely vanilla Firefox, gotta live with the ads. But I’m not risking giving full access to website content to any extension
It would be nice if Firefox built in something like GreaseMonkey to allow for some things to be added by the user, while still having full control over the code. Arc has this, but it Chromium based, Mac only, and doesn’t allow you to get your data (like bookmarks) out of it very easily.