The problem with the vast majority of Firefox forks - Waterfox, Pale Moon, Basilisk, to name the most common - is that they are based on old versions and old code, and they lag behind Firefox in terms of security updates, sometimes by several weeks or even months. Any time bugs or security flaws are discovered, after Firefox patches them the devs of each fork has to examine the patch, adjust it as necessary to work with their fork, test it, and then integrate it. Some critical vulnerabilities have gone unpatched for weeks, which is an unacceptable security risk.
Also worth pointing out that the most popular Firefox fork - Waterfox - has been bought over by an advertising company.