They are definitely rare, but once they exist they can spread like wildfire because people (usually correctly) trust browsers to sandbox websites. Put another way, browsers run untrusted programs day in and day out on virtually all sorts of otherwise trusted devices (including enterprise devices) so the impact is gigantic.
Since I cannot reply to your other comment, I will respond here. What proportion of Firefox-Linux users do you think are victims of such RCE attacks?