Hacker News

IIRC, the highlights of the anti-Tor-Browser argument are something like:

- Various people who are very interesting to intelligence agencies, police, organized crime syndicates, and private security for major corporations use Tor Browser, increasing the demand for and thus price of black market exploits specifically targeted at it.

- Tor Browser incorporates patches and default settings that receive less testing and review than the code and defaults of vanilla Firefox, making it more likely that vulnerabilities exist.

- Architecturally, Firefox lacks robust exploit mitigations, making it more likely that such vulnerabilities are actually exploitable.

- There's a delay between security fixes in vanilla Firefox and their release in a Tor Browser update.

- Exit nodes and root CA certificates may both be controlled by attackers, potentially giving them the ability to deploy exploits even to targets that only use HTTPS to trusted sites.

Adding all of the above together, it is not only plausible but likely that effective exploits specifically for Tor Browser currently exist in some attackers' toolkits.



An addition to this summary: Tor Browser is generally good for anonymity, because it creates a pool of users with identical browser fingerprints. But it is bad for security, for the reasons above. And I suppose that if your security is broken, your anonymity probably is, though at one remove.


Thanks, this is a good summary.



