Yeah, both are based on Firefox. Mozilla's version of Firefox has a shit-ton of stuff that collects every website you visit, and even pings when you close a tab. Most popular browsers are pure spy apparatus (ie Firefox Chrome and more). Telemetry, malicious site blocking, SSL cert checking, account protection, and the such are just excuses to track you or leak your usage to parties that can. Open source forks of browsers are important to avoid this.

TorBrowser has been around quite awhile as a security enhanced fork of Firefox. Brave Browser is the same, but quite newer. All "new" security is subject to a long road of painfully being run though the ringer. I don't see why the DNS leak (of onion addresses) were being made, as it doesn't make sense to send addresses out to check, but it seems Brave Browser was made aware of it with their hack/bug bounty system and fixed it rather quickly. That seems the tail of how we expect bugs and security issues to be found and fixed now days.