I've been using Mozilla code since Mozilla was still the internal name of a Netscape Communications project to create the next generation browser suite, replacing the venerable Netscape Communicator product. I'm under Win10 Pro at the moment, though I've dual booted Linux in the past. I have Brave, Chrome, MS Edge and a few other things installed to track development, but Firefox is my production browser. (Among other reasons, it makes it easy to put its cache on a RAMdisk, and lets me specify where profiles are created when I spin up new ones. (They all live under a \Mozilla\Profiles\Firefox directory for ease of fiddling.) I have several profiles, customized for different purposes, and choose which to run on invocation.
I don't see the problems cited here, but I don't run third-party A/V, nor do I run AdBlock or NoScript. Windows Defender built-in A/V and anti-malware provides adequate protection. I run an extension called uBlock Origin, which is a generalized blocker for ads and other things. I stopped running NoScript when the maintenance required to get uBlock and NoScript to play nice and not step on each other's toes became more trouble than it's worth. (uBlock Origin is cross-browser, and available for Brave, Chrome and Edge as well as Firefox.) I'm not fanatical about ad blocking. I just want to be able to peruse sites without ads getting in the way. My original ad blocking solution was custom CSS that defined a long list of ad server sites, and simply didn't display content fetched from them. I've had to take more extreme measures in recent years.
I'm not fussy about things like clearing cookies. Sites set cookies on your machine to remember you and your preferences, and that's fine by me. There are sites where I want to be remembered to make life easier, because I visit them all the time.
I also largely don't care about tracking. The things that track me are bots trying to build a profile of what I like and do to better target ads. Fine by me: ads are a way I discover things I might like to buy, and the better targeted the ads, the less time I spend separating wheat from chaff. And what is being tracked isn't me, it's the device I am using to browse the web, from the IP address provided by my ISP. The advertisers don't care who I am, and don't need to. If I actually follow up on an ad and buy something, details about me get provided as part of the purchase. Until that happens, who and what I am is irrelevant. And I have the technology to keep ads from getting in the way of browsing.
The areas where I have genuine privacy concerns are health records, finances, and my sex life. The first two are in the hands of third parties who have legal as well as moral reasons to keep them private, and I am ultimately at their mercy. My sex life never gets on line to begin with. In general, nothing that I do or where I go online would give me heartburn were it to become public. For the odd bit that is (because I'm a cat curiosity hasn't killed and sometime poke around in the Dark Web), I have the technology to remain anonymous. I just seldom have reason to deploy it.
I had an epiphany about A/V back in the WinXP days. I was running Symantec Corporate via an employer site license. It installed with no problem, ran like a top, and consumed few resources. (I would not touch its consumer sibling Norton's with a stick.) The version of Symantec I was using reached EOL and would no longer get signature updates. I no longer worked for that employer, so a new version would be on my dime. The only things Symantec ever caught were false positives. I asked myself if I needed third party A/V and concluded I didn't. I dropped it and didn't miss it.
Viruses and malware are infections. Infections have vectors by which they enter the host body. Ward the vector, and block the infection. The principal vector for viruses is email. I use Gmail. My mail resides online on Google servers, and I read and respond in my browser. I can check email from any place I have decent broadband and a supported browser. And Gmail implements viewers for the vast majority of attachments, so I can view them in my browser without opening them on my PC. Potentially malicious content never reaches my PC. (And Gmail has the best spam filters I've used. Perhaps one spam every two weeks reaches my Inbox, and click Report Spam and I don't see it again.) The vast majority of stuff that might be problematic will also be spam I've never see unless I deliberately look. I don't get viruses. I warded the vector.
The principal vector for malware is the browser. It's one reason I've used Firefox since the days when MS Internet Explorer was the dominant browser. Most attacks tried to target it, and bounced off of Firefox. And most malware requires Admin rights on the PC to do the dirty work. If you are not logged onto Windows as Administrator, they bounce off. Under XP Pro, I created a Power User userid for normal usage, and became administrator only when required by something that needed it. Win7 and later make Power User the default for logins, and prompt you when admin rights are required. I don't get malware. I warded the vector.
I keep Windows fully patched, don't use IE, and am aware that the Internet has bad neighborhoods, so I am careful to know where I go, what I do, and what's going on around me. I have not had a serious virus problem in decades, and have never had an issue with malware. I practice Safe Hex.
I don't assume my strategy will work for everyone, but I do think many folks are going to more trouble than they need to to stay safe online. Safety comes from knowledge, and if you have it, you need to deploy less protective measures that can get in the way of normal usage.
______
Dennis