Should Firefox have implemented an insecure sandboxed browser vs
   waiting to perfect a browser and then releasing it?
   It's hard to say. If the decision immediately broke exploits and
   increased the difficulty by even a single digit percentage, maybe, but
   Zerodium took time to make decisions on this, so it won't be for months
   if any decision would be the right one.
   Regardless:
   [1]https://www.schneier.com/academic/paperfiles/paper-keylength.pdf
   Type of Attacker, (Budget), Length Needed for Protection in 1995
   Small Business, ($10,000), 55
   Corporate Department, ($300K), 60
   Big Company ($10M), 70
   Intelligence Agency, ($300M), 75
   it is safe to say that all consumer products provide only 60 bits of
   security in 1995 dollars, with the exception of mobile devices.
   Few know this, but during the Fappening, Hollywood fixers attempted to
   exhaust the bandwidth of those sharing the photos. Some of those fixers
   previously hired Pellicano, who engaged in wiretapping to aide one side
   gain an edge during a dispute.
   There is plenty of money for cybersecurity. No one went looking.

References

   1. https://www.schneier.com/academic/paperfiles/paper-keylength.pdf