What a malicious website can do in the worst scenario on a upgraded system [closed]

I use last Debian stable (buster as June 2020).

• system upgraded everyday (and browser addons updated automatically)
• Firefox 68.9.0esr (64 bits) (the one from apt package system)
• decent hardware (less than 5 years old)
• Debian security upgrade enabled

I’m aware of security concerns, I…

• verify (before clicking a HTTP link) if the link looks like example.org, but are in fact example.org.random.tracker.io by example (I take care about phising and tracking)
• take care of untrusted X509 certificates for https websites
• avoid using non trusted Firefox addons
• never open suspicious files in web or mails
• don’t use weak passwords (and I don’t use the same on 2 websites)
• never run Firefox as root (who do this ?)
• use httpsEverywhere, uBlock-Origin, Ghostery, Decentraleyes Firefox addons

So my question:

• what is the risk of opening a malicious website (if not in google safe browsing DB) ? What it can do, the worst way, apart phishing website ? (I guess crypto-mining at least, exploit of Firefox vulnerability…)