Firefox needs a better security model for add-ons. The thing that bothers me in Firefox is the Private Mode (Incognito in Chrome), as it doesn't disable add-ons. And I use private mode quite often.
Mozilla has been relying on a more strict review process for whatever gets published on addons.mozilla.org (when compared to Google), with Firefox users experiencing fewer instances of add-ons turning to malware/spyware, but I'd like both this review process and a better security model for these add-ons.
Profile manager UI is still around and used to be easier to get to (there's a command-line option for it now), but it was too easy to accidentally remove profiles and also confusing for people who got into it accidentally.
Profilist is relatively new and doesn't allow profile deletion, but to me still seems like the kind of feature that's great as an add-on but not used by so many people and confusing to less power-users.
I'm not sure about FF but the beauty of Chrome's Private Browsing mode is that all extensions are disabled by default with the option to allow on Private Browsing mode.
Somebody pointed out that you could set up/use different profiles in Firefox and there's a plugin "Profilist" that makes creating / switching profiles easy; just tried it out and it works well.
The mentality with add-ons in Firefox is that when you install an add-on, you trust that it does the right thing (e.g. it gets a notification that you're in Private Mode such that it has a chance to stop logging or whatever) and then you trust Mozilla's review process to catch perpetrators.
The problem is of course that some add-ons are more trustworthy than others. I trust Mozilla and I may choose to trust Ghostery, but do I trust the Readability add-on in Private Mode? I can't do that. And you can take security measures, like connecting through a VPN and connecting through HTTPS, but if your browser is compromised, then tough luck.
I use Private Mode when searching / watching porn, or when logging in to my banking account. And I take security very seriously. Therefore I have to abstain from installing add-ons that I don't find to be trustworthy. Of course, at this point I trust extensions in Chrome's Store even less, but I'd also prefer its security model for extensions. Hopefully once Electrolysis is in, they'll also work on this.
I wonder if there's any demand for a maintained NoScript whitelist, for folks who want a kind of middle ground. Allow functional stuff from google.com, microsoft.com, etc. but continue to block google-analytics and all the ad crap.