Theoretically, Malware.exe could replace (or alias, or provide a convenient shortcut on the Windows desktop) the Firefox binary with one that does not perform a certificate check. It is hard to protect users from something that is already running on their computer.