As a simple demo of this, running 'gimp' as a 'guest' user allows you to take screenshots of windows owned by the user who started the session. Thus, a compromised copy of firefox on the 'guest' account could, for example, easily capture the contents of any window on the system.
Still, the main reason I run the browser as a different user is to isolate it for privacy; there are some security benefits too, but I agree it's not something that would defeat a targeted attack.