Firefox and chrome has been patched with pledge(2) and unveil(2). That means these items have very limited access to your system and disk. Those are usually applications people get compromised by.
For Firefox, the settings are in: /etc/firefox/policies/
IMO, pledge(2) and unveil(2) are better than anything Linux and other OSs have for sandboxing.
For Firefox, the settings are in: /etc/firefox/policies/
IMO, pledge(2) and unveil(2) are better than anything Linux and other OSs have for sandboxing.