This blog post also explains the sandbox escape that was used to attack coinbase in 2019. Public exploits and write-ups exist, but this blog post focuses on the techniques to find these bugs:

• The APIs that Firefox uses to send messages across processes
• How to fake these IPC messages, which essentially helps simulating a compromised child process and might be useful in finding additional sandbox escapes
• How to enable browser-process debugging and step through JavaScript code in parent and child process using normal Firefox DevTools.