There's also bubblewrap, which I haven't used, but promises to be an even lighter way to sandbox applications.
Generally, I agree with you that the lighter the implementation is, the better, but when it comes to sandboxing and other security measures, I would prefer not to roll my own.
From my brief look at firejail, how would I do the rollback? (i.e. reset everything back to exactly how it was before the run). Also n.b. I'm not rolling any security measures of my own here - it's reliant on the kernel correctly separating users.
You can use --private-home to 'import' an existing set of files (e.g. a 'clean' FF profile) into the sandbox, then any modifications made to it are discarded when FF quits.
Generally, I agree with you that the lighter the implementation is, the better, but when it comes to sandboxing and other security measures, I would prefer not to roll my own.