All I can guess is this triggered code that was supposed to run when a single extension is found to be malicious and so its signature would be revoked and you'd want it to disable it.
And they didn't consider that a cert failure higher in the chain would do this.
@joeyh That seems to be about the shape of it: check the signatures on extensions regularly to allow revocation, and as it turns out if something higher in that chain is invalid, the signature is invalid. (This isn't necessarily *bad*, as you might have good reason to revoke an intermediate cert as well, but obviously in this case it didn't go as one might like.)
My guess is so that a malicious virus/trojan-installed extension would not load successfully. e.g. a virus could install an extension in Firefox to keep reinstalling the virus, or to let it rum traffic through FF's process to evade antivirus, etcetera. If certs were only checked at install-time then a manual install could bypass cert checks. Being checked at runtime guarantees that what runs is what's trusted.
@joeyh I think it was intermediate certificate, so everytime the extension runs, or maybe everytime firefox starts, it checks the signatures of all extensions against their certificate. But since the respective certificates are signed by this intermediate certificate, the signature is only valid when all certs in the chain are valid. That's my guess. Why didn't they have any expiration warning or why this exact problem wasn't addressed when it happened 3 years ago, that's mystery
@joeyh interesting denial of service concept