If an installer modified the binary, Firefox couldn't stop that. What installers actually do is move some plugin files into the global Firefox plugins folder, so they get loaded on next startup. Because you can't uninstall the global plugins from the user's account, they added a per-user setting that keeps track of which "global" plugins that user has allowed.

That wouldn't be anything new, and the system's malware detection should help. Although it's a hard problem if users insist on running random binaries, of course.

"Installers on Windows run with administrator privilege"

That's what's wrong with Windows and most desktop Linux distros.

If they ran with user privilege, they could still stomp on each other.

The OSX preferred app install process (used by FF) is simply to download the disk image, and move your app to the /Applications folder.

The Mac App Store likely also prevents apps from clobbering other apps' folders while installing.

I try to avoid software the requires an installer if at all possible.

There should be sandboxing / requesting priveleges like Android has it.