If I want to up my security on Linux by running Firefox and Thunderbird in a sandboxed environment, which is better: Firejail or Snap apps? Or maybe Flatpaks? Which is more likely to give me headaches? And maybe all this is totally unnecessary, because who ever heard of zero-day exploits on Firefox or Thunderbird running on Linux? I usually run Manjaro Gnome or Kubuntu.
I've run browsers and Thunderbird in Firejail with no issues whatsoever. As for Snap apps or Flatpaks, I've no idea.
Personally I think that a browser should be first and foremost up to date. Even if you manage to contain an infection to the space Firefox is using, there is still quite a lot of valuable data there (cookies, some passwords, etc.). And there are some attacks that do not intend to get into the system: they just want to inject some frame on a site that should eavesdrop on typed keys that potentially contain user data, passwords, card numbers, etc. Debian wasn't really keeping the browser up to date as fast as I would like, so I chose Snaps. Flatpak would probably also be OK, or even better privacy-wise.
Use Firejail and/or AppArmor (I think they can be combined) for sandboxing and restricting rights. Snap and Flatpak are a different software distribution method, not a security solution. They do offer some sandboxing functionality, but it is up to the developer of the application to add sandboxing rules; a lot of applications are not sandboxed at all. (Even though they may have a misleading Sandboxed icon, that does not give any guarantees, at least for Flatpak; I have no experience with Snap.)
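
The last reply's point about developer-chosen sandbox rules can be checked per application. The following is an added example, not part of the thread: it parses the keyfile text that `flatpak info --show-permissions <app-id>` prints and lists declared permissions that leave little of the sandbox. The two sample manifests are constructed, and the set of permissions treated as "broad" is this example's assumption, not an official Flatpak list.

```python
import configparser

# Constructed samples in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not taken from real apps.
LOOSE = """[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=host;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""
TIGHT = """[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;!home;
"""

# Assumption of this example: filesystem grants counted as "broad".
BROAD_FS = {"host", "host-os", "host-etc", "home"}


def audit_permissions(text):
    """Return declared permissions that largely void the sandbox."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep the case of D-Bus names
    cp.read_string(text)

    def values(key):
        raw = cp.get("Context", key, fallback="")
        return [v for v in raw.split(";") if v]

    findings = []
    for fs in values("filesystems"):
        name, _, mode = fs.partition(":")
        if name in BROAD_FS:  # "!home" (a denial) never matches
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystem:{name} ({access})")
    sockets = values("sockets")
    if "x11" in sockets:
        findings.append("socket:x11 (X11 clients can observe other windows)")
    for bus in ("session-bus", "system-bus"):
        if bus in sockets:
            findings.append(f"socket:{bus} (unfiltered D-Bus access)")
    if "all" in values("devices"):
        findings.append("devices:all")
    policy = cp["Session Bus Policy"] if cp.has_section("Session Bus Policy") else {}
    if policy.get("org.freedesktop.Flatpak") in ("talk", "own"):
        findings.append("dbus:org.freedesktop.Flatpak (can run host commands)")
    return findings
```

An empty result only means none of these specific grants were declared; it does not by itself show the application is well confined.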