Just about any executable file can get infected with viruses or may carry trojan horses. While it is easy to identify an executable file by the extension, Firefox addons (extensions) have an extension xpi. My question is, is this an executable file extension, meaning, can a virus theoretically piggy back itself on a xpi file? While I understand the ones that make it into addons.mozilla.org have somehow been tested and are 'clean' isnt it theoretically possible for a hitherto unknown virus to slip through that filter?