Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
firejail project firejail -