I’m not saying Librewolf is insecure, I’m saying its less secure. They generally do a good job keeping up to date, but there can be delays if an update conflicts with their changes.

Librewolf is not just a Firefox config. You can look at the repo and see a number of patches. Without a paid security team to review these patches with every update, it is less secure.

I’m not saying not to use Librewolf, the likelihood of a zero day specifically targeting it and effecting a significant number of users is very unlikely.