Firefox should run every tab as an isolated process. But sandboxing is not as needed as you may think.
It is needed to prevent malicious code exploiting the rendering engines from accesing even more. But in some cased those exploits could also circumvent the Sandbox.
I had a Discussion about this recently and to my surprise was told Mozilla rewrote many core components of Firefox in memory safe Rust. This automatically gets rid of many security problems, while Chromium afaik uses unsafe languages.
To this "another attack surface", yes maybe but you already have Chromium, which due to its usage is a way bigger one. Firefox circumventing hardening is bad though.
To Orbot etc, you can use it, but a paid good VPN may be better. After all Tor is way more anonymous than any VPN, but makes you a target more. With regular apps and Orbot you would constantly use Exit Nodes (I run one, do the same!)
The tor network is only good if connecting is private (public wifi, vpn) and you stay inside.
Also checkout i2p, there is a purplei2p fdroid repo that has a Conversations fork for i2p!!