
Doesn’t that give Mozilla the ability to replace any package on one’s computer?

I trust Debian, and I trust the Debian Firefox team to secure Firefox, but I do not trust Mozilla.





That's what apt pinning is for: https://wiki.debian.org/AptConfiguration

You can tell apt to prefer a given source list only for a few packages.
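Added example, not part of the thread and not Debian's or Mozilla's own configuration: a small Python check that reads apt preferences text and lists packages outside an allowlist that apt could still take from a third-party origin. The hostname `packages.mozilla.org`, the package name `firefox`, the probe names and both sample files are assumptions constructed for illustration, and the resolution order is a simplified model of apt_preferences(5).

```python
import re
from fnmatch import fnmatchcase

DEFAULT_PRIORITY = 500  # apt default for a version that is neither installed nor target release
ORIGIN = "packages.mozilla.org"  # assumed hostname of the third-party repository
# Constructed sample: every package from the origin outranks Debian's.
BROAD = """
Package: *
Pin: origin packages.mozilla.org
Pin-Priority: 1000
"""
# Constructed sample: origin blocked by default, one package allowed through.
SCOPED = """
Package: *
Pin: origin packages.mozilla.org
Pin-Priority: -1

Package: firefox
Pin: origin packages.mozilla.org
Pin-Priority: 1000
"""

def parse_preferences(text):
    """Return complete stanzas as dicts of lower-cased field name -> value."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Comment lines start with '#', so the field regex skips them.
        fields = {k.lower(): v.strip() for k, v in re.findall(r"^([A-Za-z-]+):(.*)$", block, re.M)}
        if {"package", "pin", "pin-priority"} <= fields.keys():
            stanzas.append(fields)
    return stanzas

def priority_for(stanzas, origin, package):
    """First matching specific stanza wins, then the first general one, else the default."""
    general = None
    for s in stanzas:
        if s["pin"].replace('"', "").split() != ["origin", origin]:
            continue
        patterns = s["package"].split()
        if patterns == ["*"]:
            general = int(s["pin-priority"]) if general is None else general
        elif any(fnmatchcase(package, p) for p in patterns):
            return int(s["pin-priority"])
    return DEFAULT_PRIORITY if general is None else general

def audit(text, origin, allowed, probes):
    """Probe packages outside `allowed` that apt may still install from `origin`."""
    stanzas = parse_preferences(text)
    return [p for p in probes if p not in allowed and priority_for(stanzas, origin, p) >= 0]
```

On a real system, `apt-cache policy <package>` shows the priorities apt actually computed, which is the authoritative check.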


FYI to the parent poster, if you don’t trust Mozilla, installing from a deb vs apt won’t make a huge difference. Firefox automatically updates and could decide arbitrarily to reconfigure your apt repos for you, or pull down and install additional debs.

It’s a fair move to minimise the risk, so I’ll be pinning on my system if it’s not already, but it won’t make a whole world of difference if the remote actor starts misbehaving. The other alternative is to disable automatic updates entirely and hope the version you’re pinned to is okay, but vulnerabilities in browsers are common; that’s basically what LTS is for anyway.



