All privilege escalations were as it allows any user to run it with root privileges and exploit those vulnerabilities to gain root.
Bubblewrap has far less attack surface, so it being setuid isn’t as much of a problem. For example, using sloccount you can see that bubblewrap only has 3,738 lines of code while firejail has 53,286 lines of code, which is a considerable increase in attack surface. Firejail is around 14 times larger.
Another example of bubblewrap’s reduced attack surface is that it does not even interface with raw syscalls for seccomp filters, due to it being too complicated (see “Easy seccomp · Issue #317 · containers/bubblewrap · GitHub”); you need to create your own filters with seccomp_export_bpf.
Bubblewrap is also only setuid if the OS doesn’t support unprivileged user namespaces, which Debian disables by default.
Here are a few examples.
Daniel Micay:
DanielMicay comments on OS Security: iOS vs GrapheneOS vs stock Android
They generally don’t really work as meaningful sandboxes and Firejail specifically is extremely problematic and I would say it substantially reduces the security of the system by acting as a massive privilege escalation hole.
https://lists.archlinux.org/pipermail/arch-general/2017-February/043066.html
A junk, insecure application is not a reason to greatly reduce kernel security for everyone.
Simon McVittie (Debian, bubblewrap, dbus, flatpak maintainer):
Can ease of use be closer to that of firejail? · Issue #266 · containers/bubblewrap · GitHub
(And, yes, I’m aware that Firejail is both complex and setuid root. I think that’s an inadvisable design, and a significant security risk: compare Firejail Project Firejail : Security vulnerabilities, CVEs with Projectatomic Bubblewrap : Security vulnerabilities, CVEs)
7 of them were privilege escalations that an attacker could exploit just because the binary was on your system.
Bubblewrap:
Projectatomic Bubblewrap : Security vulnerabilities, CVEs
AppArmor:
None of these vulnerabilities were privilege escalations.
Not every single package has to be reviewed. High-risk applications that are meant for security, have a large attack surface and are installed setuid, such as firejail, do.
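The setuid and user-namespace points above can be checked on a given system. The script below is an added example, not part of the original post or of either project; the function names are made up for illustration, and it assumes GNU stat, the Debian-specific sysctl kernel.unprivileged_userns_clone and the upstream user.max_user_namespaces.

```shell
#!/bin/sh
# Added example: report whether sandbox helpers are installed setuid and
# whether the kernel currently allows unprivileged user namespaces.

# userns_state [SYSCTL_ROOT] -> prints enabled | disabled | unknown
# SYSCTL_ROOT defaults to /proc/sys; the parameter lets the logic be run
# against a constructed directory tree.
userns_state() {
    root=${1:-/proc/sys}
    clone="" max=""
    # Debian-specific switch (absent on kernels without the Debian patch)
    [ -r "$root/kernel/unprivileged_userns_clone" ] &&
        clone=$(cat "$root/kernel/unprivileged_userns_clone")
    # Upstream per-user limit; 0 means no user namespace can be created
    [ -r "$root/user/max_user_namespaces" ] &&
        max=$(cat "$root/user/max_user_namespaces")
    if [ "$clone" = 0 ] || [ "$max" = 0 ]; then
        echo disabled
    elif [ -n "$clone$max" ]; then
        echo enabled
    else
        echo unknown
    fi
}

# setuid_owner FILE -> prints the owning uid if FILE is a setuid regular
# file, returns 1 otherwise. Owner uid 0 means it runs as root for any caller.
setuid_owner() {
    [ -f "$1" ] && [ -u "$1" ] || return 1
    stat -L -c %u "$1"    # -L: follow symlinks, matching the -f/-u tests
}

# report NAME -> one line describing how NAME is installed, if at all
report() {
    path=$(command -v "$1") || { echo "$1: not installed"; return 0; }
    if uid=$(setuid_owner "$path"); then
        echo "$1: $path is setuid (owner uid $uid)"
    else
        echo "$1: $path is not setuid"
    fi
}

for name in bwrap firejail; do report "$name"; done
echo "unprivileged user namespaces: $(userns_state)"
```

To list every setuid-root binary rather than just these two, `find / -xdev -perm -4000 -user root -type f` gives the full inventory.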