Everything has advantages and disadvantages. Virtualbox is going to be fine to stop most attackers from breaking isolation. In the FH attack the feds didn't even make an attempt to break isolation. If you use Virtualbox and Firefox, then to be pwnt without a zero day you will need to simultaneously be running both of them without the latest security patches. It reduces your window of vulnerability, because when one has a public vulnerability the other may not and vice versa. And getting a zero day for one or the other is much more expensive than using a known attack. Also, virtualbox still gives you ASLR which means a vulnerability in firefox in virtualbox could be harder to exploit than a vulnerability in firefox in xen. On the other hand Xen has a really minimal code base compared to virtualbox and it will be harder for an attacker to break out of it probably. But it might be easier for an attacker to break into it. But Qubes lets you have so many domains that an attacker breaking into one of them shouldn't be a huge failure. If your firefox domain is pwnt, well you are using a Tor VM and firefox doesn't know your IP address, and you are using a GPG VM and none of your plaintexts can be accessed by Firefox and it also cannot access your private key. Nothing gives you all of the advantages and none of the disadvantages yet. Hopefully Xen starts supporting ASLR and other security features in its guests. I don't even think dom0 can have ASLR, whereas virtualbox on a host with ASLR gives you ASLR for firefox in the VM and ASLR for virtual box on the host. Plus you can use mandatory access controls to isolate virtualbox and virtualbox to isolate firefox. I would go with Qubes over Whonix and Xen over VBox. But Virtualbox has some advantages over Xen as well.