
My point is that defense in depth is not all that great if the breach of the first line already gives you access to the loot.

So you shouldn't assign too much weight to it.




The point of defense in depth is that you should not rely solely in practice on a single defense element, but you still should strive the hardest when you design it to be sufficient if it was bug free (at least on points where it is possible given the security model, and what the technical item can address).

So splitting everything into sandboxed processes can play a big part in the security of a defense in depth approach. Of course you are not going to call it a day with just that, but still, it's extremely significant.


> extremely significant

How so? Are you saying that simply by currently being single-process, Firefox is orders of magnitude less secure than other browsers?

And that it would still be orders of magnitude less secure even with sandboxes, where just multiple tabs might share a sandbox?


It is to be put approximately on the same level as ASLR, DEP, Mandatory Integrity Controls, etc.

From a modeling POV it might actually be better than ASLR, DEP, etc., which are "only" mitigations for which multiple approaches are known to exploit other holes up to arbitrary execution and complete compromises in some cases, even if they are perfectly implemented (in limited conditions), while multiple sandboxed processes can be, at the model level, perfect. In practice (when you add bugs in the picture in all layers, and not just one, and when you actually don't isolate everything like crazy), it is obviously just another tool, but a very significant one (let's drop the "extremely" - it's not about being an order of magnitude more "efficient", which would be a very blurry notion anyway -- I mean I guess at one point DEP even alone could maybe be considered orders of magnitude more secure, depending on your precise definition of everything).

What I want to convey about defense in depth is that it is about layering various mechanisms, independent if possible, to protect against various risks, while making the hypothesis that some will fail. You don't casually remove a layer (or pretend that a layer is equivalent to almost none because it does not protect you against one risk in some cases). Defense in depth is actual engineering, like the various safety components in any dangerous system. And the value of sandboxed processes is pretty clear. That it is not a silver bullet does not render it useless.



