Extensions are highly privileged programs that have access to all your data on every website. Manifest V3 restricts what these extensions can do, but regardless, it’s a good idea not to install any browser extensions. Ideally, a browser would not support extensions at all and provide privacy by default. This would prevent any third-parties including Gorhill from spying on the user’s entire browsing history and everyone would be uniform.
No. It’s not. Firefox is still behind Chromium in exploit mitigations and it’s sandboxing and site isolation is less mature than Chromium’s. That said, it’s still a better choice than most other browsers including ones that use even more insecure engines like QtWebEngine (which uses an extremely old version of Chromium), WebKit (no site isolation), Goanna, and NetSurf’s engine.
Tor Browser, while the only true way to browse anonymously, is seriously flawed due to being forked from Firefox instead of Chromium and not being as up-to-date as other Firefox and Chromium forks.
I think Google Chrome isn’t a bad browser for most people as it is the most secure (apart from Edge on Windows) and updated and users can disable most if not all telemetry in the settings. There should be a guide for this and Edge even if the browsers aren’t recommended since a lot of people must use those browsers or simply don’t want to switch.