I noticed the user interface in disconnect totally changed in my firefox browser. It had a clean vertical column listing only google, facebook, twitter, and a few other websites; It was completely different than the original. I should have took a screenshot and backed up the extension but failed to do so. I uninstalled the addon and re-installed it from firefox's website; it immediately went back to normal. I confirm signature checks was enabled. I'm curious what kind of security firefox implements. I know its supposed to only allow signed addons, but does it go one step further and do regular hash checks to ensure they have not been replaced with malware? I believe this will be a necessary step in order to mitigate against many zero day threats or vulnerabilities within browser signature verification systems. I was using the latest 61.0b8, 64 bit on windows 7.
A simple addon could do this automatically very quickly and easily, by downloading the latest preferably at semi random intervals, and comparing hashes; if the hashes are not already available on firefoxes own addons page.
Are you sure it wasn't some kind of malfunction? I never saw something like this before. I do know that FF doesn't allow extensions to be installed from non trusted sites, and you can also configure it to only manually update extensions. In Chrome, Opera and Vivaldi, extensions can update automatically and they can even show pop-ups.