This would be a pretty far-fetched attack: if the attacker could modify this config file they could more easily hack Firefox by changing/replacing one of the code libraries with a variant that does some dastardly deed. But you're right there's a bug here.
Status: UNCONFIRMED → NEW
Component: General → Preferences: Backend
Ever confirmed: true
OS: Windows Vista → All
Product: Firefox → Core
QA Contact: general → prefs
Hardware: x86 → All
Whiteboard: [sg:low] local hackery
Opening up per comment 1, which indicates that this is not a significant security issue. This bug is more likely to get fixed if this is open.
You need to log in before you can comment on or make changes to this bug.