I would not use the outdated Firefox-based browsers (Pale Moon or Waterfox). It would take a large security team to keep these browsers up to date, teams they don't have. They are documented to be slow at rolling out fixes to their code base. The code base is increasingly divergent, making it harder to do over time. This is documented here
https://www.howtogeek.com/335712/update-why-you-shouldnt-use-waterfox-pale-moon-or-basilisk/
The fact that they can't really secure the browsers with their own resources but mainly issue delayed versions of whatever Firefox does is significant. For the really important ("0-day" issues) days make a real difference between masses of people having their system compromised in very foul ways, or not.
I hear Firefox isn't even allowed into the hacking competitions it is so insecure these days. I don't completely buy this argument... It doesn't apply to OSs like Debian vs rolling release distributions, does it? Plus if you think about "Mayfield's paradox," then there is way less reason to be working on Pale Moon exploits vs Firefox exploits - and Pale Moon gets to see Firefox security patches within a fairly short amount of time. Just because there are so many bad software forks, does not mean software forks are inherently worse or insecure. These Firefox-based browsers have been making better decisions than Firefox in general... Not to mention the active extension censorship Mozilla has been doing lately (look their Mozilla's ties with Soros). Also having to go into about:settings to customize your Firefox settings means that a privacy-preserving fork is better out-of-the-box for most people's privacy. I'm not sure if you can remove all the telemetry from Firefox using the about:settings interface or plugins, either. I am skeptical of Waterfox these days, but Pale Moon seems pretty good.
Plus, running your browser in some chroot/jail is advisable anyway.