I presume there is a security benefit to Firefox's delay before installing add-ons, but for the life of me I can't figure out what it is. (Yes, I know you can disable the delay.)
If you answer this question, please provide references from Firefox mailing lists or commit logs.
Best Answer
Why?
How can you maliciously trigger an installation?
Here's an interesting article about race conditions in security dialogs by Jesse Ruderman:
Basically, it all comes down to predicting when a user would click and then intercepting that click within an installation dialog. Ruderman explained a more concise game situation like this in his bug report from Firefox, which ultimately led to the inclusion of the delay period.
To summarize again, his main point was:
Any alternatives to the delay period?
The delay period was certainly only one way of dealing with this. Another one could have been shuffling the buttons for "Install", "Cancel" every time you would install something. This is something used very often, but it confuses the user more than it helps.
Another idea would be moving the window location randomly for every dialog. This has the same result as shuffling the buttons, namely confusing the user.
Also, introducing randomness is not the ultimate solution. If there are keyboard shortcuts for the buttons, you could intercept keypresses as well. That all being said, it seems more like a legacy feature today, as most plugins are installed from the official Firefox add-on website anyway.