How secure is "Browser in the Box"?

From their product page, we can infer a lot about how their system works. Here are the key points:

  • Can be used with Windows XP and Windows 7
  • Comes with: VirtualBox 4.0.16, hardened Linux Debian 6 and SELinux and Firefox
  • Browser execution takes place in separated virtual machine with own operating system
  • Downloaded files are first scanned and then provided to user
  • Configurable security policy for copy & paste, download, upload and printing
  • Reset to certified initial snapshot upon each start of the browser
  • Configuration data of the browser can be stored persistently and are retained for restart

So apparently it runs Firefox on Debian 6 Linux with SELinux inside a virtual machine running inside VirtualBox, on a host that must be Windows.

As for how secure that is, for the most part, it's the same as running a browser inside a Linux VM in VirtualBox with a snapshot you roll back every time you want to reset. Except that they are actually using a very outdated version of VirtualBox from 2012, which is probably a bad idea for lack of security updates. I get the feeling development on this product is abandoned.

While a virtual machine does add security, virtual machine breakouts do exist, and VirtualBox has been on the receiving end of such exploits before.