Yeah, Gecko is one of the most hardened browser engines out there at this point. Fission and the win32k.sys isolation basically bring the general architecture up to par with Chromium. Chromium got those features earlier and hence has more mature implementations of them, so the edge goes to Chromium, but there's not much of a large-scale difference anymore.
There are a few areas in which one browser has the edge over the other in terms of security (e.g. JIT hardening in Chromium's V8 gives it an advantage over Firefox, memory safety of pdf.js in Firefox reduces attack surface over the C++ PDFium in Chromium), but these are nowhere near the old days of "Chrome has a sandbox and Firefox doesn't" or even "Chrome isolates tabs from each other and Firefox doesn't".
There are a few areas in which one browser has the edge over the other in terms of security (e.g. JIT hardening in Chromium's V8 gives it an advantage over Firefox, memory safety of pdf.js in Firefox reduces attack surface over the C++ PDFium in Chromium), but these are nowhere near the old days of "Chrome has a sandbox and Firefox doesn't" or even "Chrome isolates tabs from each other and Firefox doesn't".