Look at the prize money for Firefox, lowest of them all.
I think this proves my original point.
TBB is routinely attacked by nation states and other government groups. In that context, homogeneity is an important factor since they only have one target to focus on and considerable resources to use. By the way this is also another point against someone using Firefox. By choosing Firefox, you are choosing a browser that __you know__ is actively targeted by nation states and government groups, because it's used in TBB. You can safely assume said groups have multiple Firefox 0days.
My original point however is not that Firefox is insecure vs nation-grade attackers. __Every browser is__
There are plenty of criminal groups (ever increasing) and actors with limited resources that will focus on Firefox because it's easy to exploit. The fricking FBI was owning people with a Firefox 0day. The same groups would find Chrome or Edge too hard. This is of course a personal evaluation, given what I know from conversations with people in the security domain.
Let me leave you with this piece of (anecdotal) information: In my last job, we used to have new hires for exploit development pick a browser to work on for the first few months. Expectation being remote exploits, lots of them.
TBB is routinely attacked by nation states and other government groups. In that context, homogeneity is an important factor since they only have one target to focus on and considerable resources to use. By the way this is also another point against someone using Firefox. By choosing Firefox, you are choosing a browser that __you know__ is actively targeted by nation states and government groups, because it's used in TBB. You can safely assume said groups have multiple Firefox 0days.
My original point however is not that Firefox is insecure vs nation-grade attackers. __Every browser is__
There are plenty of criminal groups (ever increasing) and actors with limited resources that will focus on Firefox because it's easy to exploit. The fricking FBI was owning people with a Firefox 0day. The same groups would find Chrome or Edge too hard. This is of course a personal evaluation, given what I know from conversations with people in the security domain.
Let me leave you with this piece of (anecdotal) information: In my last job, we used to have new hires for exploit development pick a browser to work on for the first few months. Expectation being remote exploits, lots of them.
Most of them picked Firefox.