It's strange that it doesn't have Waterfox. Anyway, that wasn't my point in the first place; first, Mozilla has to release its bug fixes, and then all these other browsers' devs have to release their own counterparts in response. It is during this window in time when they're most insecure, since the issues are then brought to light while users are helplessly waiting.
I understand but just like one said "cybersec is just a panic control". I don't know if you are really really vulnerable especially when non-harden updated Firefox is more vulnerable and less secure than hardened a little outdated forks. If that's not a crticial CVE I don't see an issue on my GrapheneOS. Google could convince you not to use Firefox and use Chromium instead because they can control security for you not Mozilla so it also depends on perspective.