Is it a good idea to replace the default Firefox with the Flatpak one?

Sandboxing in the Flatpak version is a little weaker, since Firefox itself can’t provision namespace-based isolation. This issue will become more significant once Firefox rolls out PID namespace isolation. I wrote about the issue more on my microblog.

You can see how Flatpak provisions sandboxes in flatpak-run.c.

I also know that Mozilla has lately been tightening up Firefox’s sandboxing. They’ve recently restricted the content processes from accessing the X11 server, for instance, and have been moving much functionality to a utility process. On Windows, the utility process is further restricted by Windows’ Arbitrary Code Guard; I’ve floated the idea of emulating that on Linux the same way Edge does. All of this would need to be duplicated on the Flatpak end, and I’m not optimistic about full parity when comparing against the moving target of the browser’s own native implementation.
