Didn't Chrome take this same approach? I suspect that if multiple major browser vendors are pursuing it, it's probably to address some issue. It's not like Mozilla just thought, "let's limit people more, that will make them happy." This doesn't make it the right approach, but it does make it understandable.
So I suspect it's to the benefit of the "average user" if that's what you are asking.
I'm going to step outside of HN for a minute and say that in my work I work with people who rely on the Internet, but have no concept, and I mean none, how it works. They do not understand that when they create a Yahoo email account that no one can help them when they forget their password. They do not understand that if you type "yaho com" that you are not going to get anywhere (until auto search came along, that is). I've come to realize that Internet safety is not a simple set of rules, it's a complex understanding of the whole ecosystem that can't be readily taught in the time I have with these users (and never taught to some). I can't explain why I click on links in some emails and not others, so I just say "don't click on links". I can't explain why you shouldn't use the same password everywhere to someone who needs to reset their password literally every time they log on, so I just tell them to use the one their friend or child has written down for them. It's terrible, but I get it when vendors draw a line in the sand and say "this is to protect those users."
That said, as a user who does understand, there's an element of frustration. Hopefully they bury an override option somewhere, or maybe just add it to their ESR but I doubt I would ever use it.
So I suspect it's to the benefit of the "average user" if that's what you are asking.
I'm going to step outside of HN for a minute and say that in my work I work with people who rely on the Internet, but have no concept, and I mean none, how it works. They do not understand that when they create a Yahoo email account that no one can help them when they forget their password. They do not understand that if you type "yaho com" that you are not going to get anywhere (until auto search came along, that is). I've come to realize that Internet safety is not a simple set of rules, it's a complex understanding of the whole ecosystem that can't be readily taught in the time I have with these users (and never taught to some). I can't explain why I click on links in some emails and not others, so I just say "don't click on links". I can't explain why you shouldn't use the same password everywhere to someone who needs to reset their password literally every time they log on, so I just tell them to use the one their friend or child has written down for them. It's terrible, but I get it when vendors draw a line in the sand and say "this is to protect those users."
That said, as a user who does understand, there's an element of frustration. Hopefully they bury an override option somewhere, or maybe just add it to their ESR but I doubt I would ever use it.