Malware will have an unlimited number of methods to continue patching Firefox; this change only makes it harder for regular users to configure Firefox manually for installing extensions that have not been blessed by Mozilla.
The target for this has never really been outright malware, but it does make it far more annoying for them. The target is badware or bundleware, where a few missed checkboxes mean users with 15 different spyware add-ons, “search fixers” or ad-injectors. These grey-market apps aren’t suddenly going to jump ship into actual malware and binary patch Firefox.
I feel like the people we consider “regular users” are really different.
Like we’re talking about a subset of the population that wants to install their own private extensions or sideload someone else’s but doesn’t understand how to uninstall the release version and install the developer edition when prompted.
Adware will continue to be able to legally circumvent extension signing when it has root access and consent by the user. This only makes it prohibitive for users to customize their own browsers.
It's also possible to make this setting configurable only from the browser UI, where you get a chance to educate and properly warn your users.
They also want to restrict the config option on Linux, where the adware problem you describe is not really present.
This continues the long trend of browsers not trusting the underlying OS to actually protect users from soft-malware.