Do you also sandbox the browser with some sort of remote desktop, or run
under a separate X session? AFAIK X allows any program to meddle with
any other program under the same display.

No, I don't.
Setup is easy. In the easiest scenario, just create a user, add a line to
/etc/sudoers which lets you run Firefox as another user without the need for
a password, create a one-line script that uses sudo, and just refer to that
script whenever you want to execute Firefox.

I think there was also a small C program posted on the mailing list to change
the UID and GID of the Firefox process, and you can probably also use
doas from base, but I still use sudo.
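
Added example, not part of the original message: the sudoers line and one-line wrapper described in the reply, written as shell functions that stage both files in a directory for review before installation. The login name `alice`, the browser account `_ffox` and the path `/usr/local/bin/firefox` are assumptions, not values from the thread.

```shell
#!/bin/sh
# Stage the pieces of a "run Firefox as another user" setup for review.
# Assumed names (not from the thread): alice, _ffox, /usr/local/bin/firefox.
# This separates the browser by UID only; it still shares the X display,
# which is the concern raised in the question.

# Rule for /etc/sudoers: login $1 may run exactly $3 as $2, no password.
sudoers_rule() {
    printf '%s ALL=(%s) NOPASSWD: %s\n' "$1" "$2" "$3"
}

# Equivalent rule for doas.conf.
doas_rule() {
    printf 'permit nopass %s as %s cmd %s\n' "$1" "$2" "$3"
}

# The one-line wrapper: -H gives the browser the target user's HOME.
wrapper_script() {
    printf '#!/bin/sh\nexec sudo -H -u %s %s "$@"\n' "$1" "$2"
}

# Reject values that could change the meaning of a rule (spaces, commas,
# wildcards) or make the command path relative.
safe_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}
safe_path() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9_./-]*) return 1 ;; esac
}

# stage <dir> <login> <browser_user> <browser_path>
stage() {
    safe_name "$2" && safe_name "$3" && safe_path "$4" || return 1
    mkdir -p "$1" || return 1
    sudoers_rule "$2" "$3" "$4" > "$1/sudoers.firefox"
    wrapper_script "$3" "$4" > "$1/firefox-sandboxed"
    chmod 755 "$1/firefox-sandboxed"
}

# Stand-alone use: sh stage.sh ./out alice _ffox /usr/local/bin/firefox
if [ "$#" -eq 4 ]; then stage "$@"; fi
```

Check the staged rule with `visudo -cf` on `sudoers.firefox` before installing it. The rule names one absolute command path rather than `ALL`, so the passwordless grant covers only the browser.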
