
So a vulnerability of this kind would not only affect Firefox but also Chrome and others?


Every browser's addon runtime is different. Firefox is working on standardizing things with its Web Extensions API (modeled after Chromium's API). But potentially, yes.


Most likely. Angular evals stuff from the DOM. Chrome extensions share the DOM with the webpage like Firefox extensions.


In Chrome, content scripts (the ones that are injected into a page from an extension) run in some kind of isolated mode: https://developer.chrome.com/extensions/content_scripts

Yet they have some privileges a normal script doesn't have, for example the ability to post messages to the parent extension, which can be exploited.


They still see the same content in the DOM. The extension just has a separate JavaScript wrapper around the DOM. This means that an extension will not be affected if a webpage monkey-patches a DOM method to do something else. But if a webpage places some specific text content inside an HTML element, then the extension will see that same text content! (And Angular running in the extension can still choose to recognize that content as a template and eval it.)
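
The isolation boundary described in the comment above, modeled as an added example that is not part of the thread: each world gets its own wrapper, but the element text is shared, so template syntax placed by the page reaches whatever the content script compiles. The wrapper objects, `renderTemplate` (a toy stand-in, not Angular) and all sample strings are constructed assumptions.

```javascript
// Constructed model, not browser or Angular code: one shared DOM node,
// with a separate JavaScript wrapper per world (page vs. content script).
const sharedNode = { text: '' };

function makeWrapper(node) {
  return {
    getText() { return node.text; },
    setText(value) { node.text = value; },
  };
}

// Toy stand-in for a template engine that interpolates {{ expr }} found in
// text. It only handles "a + b" and "a * b", which keeps the demo inert.
function renderTemplate(text) {
  return text.replace(/\{\{\s*(\d+)\s*([+*])\s*(\d+)\s*\}\}/g, (m, a, op, b) =>
    String(op === '+' ? Number(a) + Number(b) : Number(a) * Number(b)));
}

const pageWorld = makeWrapper(sharedNode);
const extensionWorld = makeWrapper(sharedNode);

// The page monkey-patches a method on its own wrapper. The extension's
// wrapper is a different object, so it is not affected.
pageWorld.getText = () => 'patched by page';

// The page writes template syntax into the shared element text.
pageWorld.setText('Hello {{6*7}}');

const OWN_TEMPLATE = 'Unread: {{ 2 + 3 }} | title: ';

// Weak: page-controlled text is concatenated into the template before it is
// compiled, so the page's {{ }} expression is evaluated in the extension.
function unsafeContentScript(world) {
  return renderTemplate(OWN_TEMPLATE + world.getText());
}

// Hardened: only the extension's own constant template is compiled; page
// text is appended afterwards as plain data and its delimiters stay inert.
function safeContentScript(world) {
  return renderTemplate(OWN_TEMPLATE) + world.getText();
}

console.log(unsafeContentScript(extensionWorld));
console.log(safeContentScript(extensionWorld));
```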


Chrome's extension APIs do not provide the level of access that Firefox APIs do.


The topic of discussion here is Firefox webextensions, which are meant to be API-compatible with Chrome extensions and have the same security model.



