That said, if you see a clean way to create an API to do secure script injection and feel like hacking it up real quick, feel free. It may prove useful eventually, but I suspect we'll uncover a whole slew of surprises once we actually try to use it. We'll probably also need regression tests in-tree for every single function/callback/property we hook, to make sure that an implementation change doesn't suddenly break our ability to hook something in the way we want.
As an experiment, I came up with a very simple JS module that lets you inject a script to overwrite arbitrary members of the global "window" object, before any content is loaded. The trick is listening for "content-document-global-created" notifications, as described in https://developer.mozilla.org/en-US/docs/Observer_Notifications#Documents.
If anyone is interested, you can see the injection code at https://github.com/arthuredelstein/torbutton/blob/f138fa2a5e/src/chrome/cont... and there's an example of the script to be injected at https://github.com/arthuredelstein/torbutton/blob/f138fa2a5e/src/chrome/cont... (The latter script is one way to solve #5926, though my final implementation is a C++ patch.) Of course, all of Mike and Georg's caveats about JS hooks apply here.
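A sketch of the observer pattern described in the comment above, together with the kind of regression check asked for earlier in the thread. It is an added illustration, not part of the original posts and not the linked Torbutton code. `makeGlobalHook`, `verifyHook`, the stub observer service and the `innerWidth`/`innerHeight` values are hypothetical; the stub stands in for Firefox's observer service so the block runs outside the browser.

```javascript
const TOPIC = "content-document-global-created";

// Returns an nsIObserver-shaped object that pins `overrides` onto each new
// content global when the notification fires, before page scripts run.
function makeGlobalHook(overrides) {
  return {
    observe(subject, topic, data) {
      if (topic !== TOPIC || !subject) return;
      // In chrome code the subject is a wrapped window; wrappedJSObject is
      // the object page scripts see. The stub window below has no wrapper.
      const win = subject.wrappedJSObject || subject;
      for (const [name, value] of Object.entries(overrides)) {
        // Explicit flags: redefining an existing property keeps old flags otherwise.
        Object.defineProperty(win, name,
          { value, writable: false, configurable: false, enumerable: true });
      }
    },
  };
}

// Regression check: report overrides that are missing or that content could undo.
function verifyHook(win, overrides) {
  const problems = [];
  for (const [name, value] of Object.entries(overrides)) {
    const d = Object.getOwnPropertyDescriptor(win, name);
    if (!d || d.value !== value) problems.push(name + ": not applied");
    else if (d.writable || d.configurable) problems.push(name + ": replaceable");
  }
  return problems;
}

// Constructed stand-in for the browser's observer service (assumption).
function makeStubObserverService() {
  const observers = [];
  return {
    addObserver(obs, topic, weak) { observers.push({ obs, topic }); },
    notifyObservers(subject, topic, data) {
      for (const o of observers) if (o.topic === topic) o.obs.observe(subject, topic, data);
    },
  };
}

function demo() {
  const overrides = { innerWidth: 1000, innerHeight: 600 }; // constructed values
  const svc = makeStubObserverService();
  svc.addObserver(makeGlobalHook(overrides), TOPIC, false);
  const win = { innerWidth: 1366, innerHeight: 768 };        // constructed "content window"
  svc.notifyObservers(win, TOPIC, null);
  const assignOk = Reflect.set(win, "innerWidth", 1366);      // content-style overwrite attempt
  return { win, assignOk, problems: verifyHook(win, overrides) };
}
```

In the browser the observer would be registered with the real observer service, and function-valued overrides would also have to be made callable from content, which this sketch leaves out.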