Cert expiration is the only safe revocation. You cannot rely on revocation lists in many settings. Access to them might be maliciously blocked or, if locally kept, tampered with. The list could for example be replaced with an older one, which would circumvent signing the list unless the signature contains an expiration date and then you’re back to “oh, list expired, how do we fail?”
You cannot rely on check at extension install. That would assume that all malicious extensions are installed via FF proper. Oracles crapware bundling in the Java installer taught us that’s now how things go. You cannot remember the trust flag when an extension is installed via FF as a crapware installer could just set the trust flag, too. After all, that storage would be accessible, too. You cannot sign or encrypt that trust storage as the key material would have to be kept locally and would be accessible to the crapware installer.
Well, frankly, I don’t really want a revocation list, and I don’t really want signed extensions in the first place. It’s my browser, and it’s not Mozilla’s business to decide what I install on my browser.
And I most definitely don’t want my browser to fail into an unsafe configuration.
You cannot rely on check at extension install. That would assume that all malicious extensions are installed via FF proper. Oracles crapware bundling in the Java installer taught us that’s now how things go. You cannot remember the trust flag when an extension is installed via FF as a crapware installer could just set the trust flag, too. After all, that storage would be accessible, too. You cannot sign or encrypt that trust storage as the key material would have to be kept locally and would be accessible to the crapware installer.