
How does Pale Moon maintain security for these legacy technologies?


I'm not sure they could, even if they wanted to. The security problems with those technologies aren't due to implementation goofs. They're fundamental issues with the design of those platforms, all of which were designed back in the '90s, when we didn't appreciate just how dangerous an environment the Internet could become.

There's no way to fix issues that run that deep without breaking backwards compatibility with all the existing code written for those platforms, which would negate the entire point of the exercise.


> all of which were designed back in the '90s, when we didn't appreciate just how dangerous an environment the Internet could become.

No, it was in the 2000s and 2010s. And even more than 10 years ago, people were aware of how the Internet can be dangerous, as shown by Internet Explorer.

Moreover, Firefox had sandboxing before Chrom* and Electrolysis:

1. https://developer.mozilla.org/en-US/docs/Archive/Add-ons/Sec...

2. https://developer.mozilla.org/en-US/docs/Archive/Add-ons/Dis...

3. https://developer.mozilla.org/en-US/docs/Archive/Add-ons/Int...


The "sandboxing" you're referring to was very limited in scope. It essentially amounted to not giving content scripts any references to non-content objects like the browser chrome; poorly written extensions often broke this "sandbox", and it provided no protection whatsoever against browser exploits -- any arbitrary code execution exploit would allow an attacker to run unrestricted code on the user's system.



How do pigs fly?



