Your first link is a good resource, thanks; it points out many valid issues where Firefox needs to catch up. It is definitely slanted though; for example Firefox's Rust usage is compared to Chromium talking about maybe using Rust someday and the conclusion is "so that's a wash". Also, "the parts that are memory safe do not include important attack surfaces" isn't correct; all C++ code that manages dynamic memory is attack surface.
A slightly tangential issue is that the mitigations section is not super compelling to me because I think many mitigations are low-value. Evaluation of mitigations typically does not ask the right questions: How much work is it for an attacker to bypass the mitigation, assuming they're aware of it? Can that work be packaged and reused in multiple exploits? And how many bugs become completely non-exploitable due to the mitigation?
A slightly tangential issue is that the mitigations section is not super compelling to me because I think many mitigations are low-value. Evaluation of mitigations typically does not ask the right questions: How much work is it for an attacker to bypass the mitigation, assuming they're aware of it? Can that work be packaged and reused in multiple exploits? And how many bugs become completely non-exploitable due to the mitigation?