As far as I understand, that’s a local privilege escalation vulnerability.
There are two things that can go wrong with (an application similar to or) firejail.
- local privilege escalation vulnerabilities
- sandbox escape vulnerabilities
If I understand this right… The prerequisite to exploit above issue is local user compromise. Applications running inside a firejail sandbox couldn’t use this.