Support an amnesiac profile directory.
Basic idea is to copy the profile directory into a new tmpfs mount inside the container on each launch so that even if firefox writes evil to it, said evil will be non-persistent.
The drawback is that this applies to bookmarks and preferences, so it can't be the default behavior, but as an "improve security" option, it's easy to do.