Add privilege separation for bundled browser
Modern OSs offer security mechanisms to run 3rd party applications with reduced privileges:
Windows Vista and later have Protected/Low Integrity Mode. OS X has seatbelt, fully usable at least since Lion. Linux has several mechanisms, seccomp is in the kernel and should be available on all recent distros, SELinux and Apparmor are more distro specific (Red Hat, Fedora, Ubuntu).
Firefox upstream doesn't make use of any of them yet but that shouldn't stop redistributors with different security requirements...
Firefox is also the only major browser that doesn't have a multi-process architecture to further limit the privileges of code that handles untrusted input. I don't think anything can be done about that short of waiting for Electrolysis making it into Aurora or switching the browser to something else in the meantime which is probably undesirable for many reasons.
However sandboxing the firefox process could be done right now with relatively little difficulty. The heavy-lifting has been done already, Chromium has several sandbox mechanisms to cover all major platforms.
A few links to get started: For Windows: a few icacls commands are enough for a basic configuration. https://wiki.mozilla.org/Mozilla_2/Protected_mode http://superuser.com/questions/30668/how-to-run-firefox-in-protected-mode-i-e-at-low-integrity-level
For OS X: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html http://dev.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design
For Linux: http://code.google.com/p/chromium/wiki/LinuxSandboxing Ubuntu comes with a Firefox Apparmor profile which just needs to be adapted to point at the correct binary.
For *BSD: jail is available across the board
None of these are designed with the threat model of Tor in mind. Special focus would be needed to protect the IP address from the browser.
Similar levels of security and resilience against application vulnerabilities to the "anonymizing middlebox" (transparent proxy in separate computer of VM) can be achieved with privilege separation.
Make it happen before Electrolysis comes out (is it even still on their roadmap?)