You're probably gonna be downvoted a lot, but I'm afraid you're correct. Mozilla cares about web standards (like HTML or CSS or WebExtensions) - that was their mission after all, it's wrong to say they don't. But their action repeatedly show that don't care about open standards for anything else, like their browser itself.
I'll give another example - look at their Sync system. It's a pseudo-open unholy mess of Mozilla-unique ("proprietary" as in "owned by and unique to a certain company") standards without any regard for interoperabilty and openness. I'm 99% positive it could've been a couple of standard technologies, but they reinvented everything (auth, blob storage, everything) in absolutely unnecessarily unique manner, and awfully overengineered. I've had pleasure of attempting an alternative implementation based on their specs (to self-host, had to abandon because it's all way too hostile), so I know what I'm talking about. It's under a guise of "open standards" (in a sense it happens to be partially documented) but no single engineer in their sane mind would adopt this for their own projects.
Privacy and security? Last time I've checked (admittedly, a couple years ago) it was years since they knew their Firefox Account/Sync auth has security issues and has to trust Mozilla servers to be secure (login form and cryptography suite is not built into browser, like in proper end-to-end encrypted software, but served online), and they didn't do a thing about it, entirely dismissing it as a non-issue. Could've sent that password over HTTPS and just promise to not to save it (actually my alternative now-dead Accounts/Sync implementation did just that as a shortcut). In other words, Mozilla gets a nice gag order (or gets hacked) and they can be forced to circumvent all their end-to-end encryption pull your browsing history just fine without changing a thing on your machine so no local code audit would help. That's not how privacy-conscious software is written (e.g. Signal - it might get backdoored, but it'll need an update to deliver a backdoor).
It doesn't help that there are no alternatives I'm aware of. Firefox sucks but that's - sadly - the best we have.
I'll give another example - look at their Sync system. It's a pseudo-open unholy mess of Mozilla-unique ("proprietary" as in "owned by and unique to a certain company") standards without any regard for interoperabilty and openness. I'm 99% positive it could've been a couple of standard technologies, but they reinvented everything (auth, blob storage, everything) in absolutely unnecessarily unique manner, and awfully overengineered. I've had pleasure of attempting an alternative implementation based on their specs (to self-host, had to abandon because it's all way too hostile), so I know what I'm talking about. It's under a guise of "open standards" (in a sense it happens to be partially documented) but no single engineer in their sane mind would adopt this for their own projects.
Privacy and security? Last time I've checked (admittedly, a couple years ago) it was years since they knew their Firefox Account/Sync auth has security issues and has to trust Mozilla servers to be secure (login form and cryptography suite is not built into browser, like in proper end-to-end encrypted software, but served online), and they didn't do a thing about it, entirely dismissing it as a non-issue. Could've sent that password over HTTPS and just promise to not to save it (actually my alternative now-dead Accounts/Sync implementation did just that as a shortcut). In other words, Mozilla gets a nice gag order (or gets hacked) and they can be forced to circumvent all their end-to-end encryption pull your browsing history just fine without changing a thing on your machine so no local code audit would help. That's not how privacy-conscious software is written (e.g. Signal - it might get backdoored, but it'll need an update to deliver a backdoor).
It doesn't help that there are no alternatives I'm aware of. Firefox sucks but that's - sadly - the best we have.