Mining is not a security issue though. It doesn't break into anything. It just wastes CPU cycles.
If by "delivered to websites" you mean without the site owner's consent, via ad networks or comments/whatever user generated content, then it's a problem of trust and/or content filtering, it's orthogonal to browser sandboxing.
"Displaying the page" has meant "running arbitrary application code" since Netscape. If you don't agree, disable JavaScript completely and enjoy the 100% working pages everywhere ;)
If by "delivered to websites" you mean without the site owner's consent, via ad networks or comments/whatever user generated content, then it's a problem of trust and/or content filtering, it's orthogonal to browser sandboxing.