If we use a web browser as an example, what are the odds that a compromised website is going to try to exploit the browser itself vs. exploiting an external sandbox application? Clearly the former. Sandboxing a web browser will prevent many more classes of attack than it exposes you to.
Also worth noting that the suid binary you mention will refuse to run at all if the executing user isn't in its whitelist. It's not like you can pop a shell on some ftp user and run firejail as root.