Dom0 and Fedora templates may have unidentified vulnerabilities that can be successively exploited from, say, fedora 40 to fedora 32 (backwards).
And here I have a question - is qubes protected against such a scenario, in which vulnerabilities found in fedora used by Dom0 and Fedora templates, are shared and actively exploited?
If it was, it would be mentioned somewhere, so I assume the answer is no.
You may be interested to read:
Is Qubes considering the use of anonymity and privacy for Qubes hardware, such as hiding the identification of Fedora-based templates as Fedora in an internal environment with a possible transition to an external environment?
Qubes is not focused on privacy, so another no.
Why doesn’t Qubes’ sys-firewall or sys-net use a distribution of, for example, OpenBSD and at the same time have active IDS and IPS systems?
sys-net is distrusted, so it doesn’t matter much.
What particular IDS and IPS systems do you mean? And what is a double firewall?