To need to be "giving" something that should be, for lack of better phrasing, a given, is not a good sign.

They do block some by default, certainly, but only ones which in practice just crash Firefox (often because they are old).

Is there a way to unblock them as easily as blocking them?

Yeah it should be a given that you have control over this. Blame your OS for the fact that you don't have it by default. It doesn't make any sense to get mad at firefox for implementing this. They're not interfering with your control. If they did nothing, you would have no control.

Interestingly enough, Windows has this feature since Windows 10, but the PE flag disabling injection has to be set or an exception in security settings added to engage it.

The latter is how Microsoft secures Protected Container in Edge.

It's not particularly easy to set up and is just a complete block. The options are called Arbitrary Code Guard, Code Integrity Guard and (for old versions) Disable extension points.

https://learn.microsoft.com/en-us/microsoft-365/security/def...

I can't test this, but I suppose it should be as easy as going to about:third-party and clicking a button next to a blocked entry. Probably preemptively learning about how to reset this if Firefox won't start anymore.

As long as it's all end user-controlled, I suppose the only issue is awareness that this feature exists and how it's controlled (this is the first time I've read about it).

Also, it feels somewhat weird to have this function in an application rather than at the OS level (or as a independent process firewall application) - but I suppose this is fine.

That would imply I had the choice to begin with. On my work PC, they inject various plugins to enforce security policy. I imagine if I tried to circumvent that, the security software would just terminate the browser entirely. Not going to try, it's not worth it for me.