iphone exploits are the most highly valued in the industry carrying a price tag of millions. However recently discovered mass attacks by China disprove the commonly held idea that such attacks are rare because of the reasoning you mention.
https://www.schneier.com/blog/archives/2019/09/massive_iphone_.html
In the case of freedom hosting, the Feds were slinging exploits at everybody even those who unwittingly used services that had nothing to do with the illegal ones.
There are plenty of plates on the FF bug buffet other than RCEs.
Blocking JS handles most if history is an indicator.