As I understand, the codebase is quite different. It's an Android app that wraps around GeckoView, with most of the UI is custom code written in Android-specific Kotlin code. This includes a lot (but not all) of the code used to implement WebExtensions.
I don't think this has any specific unique security implications other than that of introducing a lot of new code and an extensions runtime that a lot more people will suddenly be writing code for. The article mentions in the next sentence that malware extensions also plague the desktop browsers.
As I understand, the codebase is quite different. It's an Android app that wraps around GeckoView, with most of the UI is custom code written in Android-specific Kotlin code. This includes a lot (but not all) of the code used to implement WebExtensions.
I don't think this has any specific unique security implications other than that of introducing a lot of new code and an extensions runtime that a lot more people will suddenly be writing code for. The article mentions in the next sentence that malware extensions also plague the desktop browsers.