Chromium is far more secure than Firefox. Firefox's sandboxing and exploit mitigations are poorer than Chromium's
by a large degree.
Firefox's sandboxing lacks any site isolation. Project Fission is still a WIP. The sandbox is currently only
focused on isolating the browser as a whole from the rest of the OS and even that is quite poor. Excluding the issue
of site isolation, only the Firefox sandbox on Windows is similar to Chromium's but even then,
it lacks win32k lockdown.
The sandboxing on other platforms is very insecure and the Linux sandbox can hardly be called a sandbox at all as there
are plenty of trivial escapes such as the X11 server
(this is also a 5 year old, critical issue). The issues with the Linux sandbox also go far beyond X11. One example is that
there is no GPU process sandboxing. Another example
is that the seccomp filter is weaker; for example, there is
barely any ioctl filtering and
only tty ioctls are blocked and there are a lot more issues.
On Android, Firefox does not have a sandbox at all beyond
the OS app sandbox unlike Chromium which uses the isolatedProcess
feature.
Firefox also lacks important exploit mitigations that Chromium has such as a
hardened memory allocator (mozjemalloc is just a few
security features tacked on to jemalloc which is
inherently exploitation-friendly and is not similar to a hardened memory
allocator), Control-Flow
Integrity, JIT hardening,
ACG,
CIG and many more. You can look through Bugzilla for more examples.
Firefox does have some parts written in Rust, a memory-safe language,
but the majority of the browser is still written in memory-unsafe languages so this isn't anything substantial and
Chromium is working on switching to memory-safe
languages too.
Firefox also uses RLBox but this
is only used to sandbox a single library, Graphite and again, is not anything substantial.
Just look at what security experts have to say about Firefox.