Your post does present merits. However, we do not want to restrict it only to Firefox. Not everyone uses it ... I don't. Hence, moot. Sorry, but more prioritized than securing the Firefox browser are all browsers - Konqueror, Opera, Chromium, Epiphany, Galeon, Seamonkey, Dillo, Google Chrome, etc. - and none are compatible with Firefox addons.
A group account "internet", of which users can be members, restricting activities to a separate folder at /home and with no access to the user's /home, sounds like it may work. Browser caches, tmp files, cookies, downloads, etc. can all be stored in the separate folder at /home. But what about account info and passwords ... how do we separate these from what the browser stores?