by th0br0 3962 days ago
Uhm... why not plain old SELINUX?

Plain SELinux would not have prevented this, as Firefox would run in your user's context (unconfined_t). The alternative is the sandbox command: https://danwalsh.livejournal.com/28545.html
SELinux can certainly work, even without using the great sandbox command. Your SELinux profile only grants Firefox read access to your files because you might want to use it to upload some of them; revoke that permission and leave it only the ability to read your browser profile and the problem is solved. Of course, the exploit would still expose things in your browser profile (bookmarks, history, saved passwords).

The sandbox command mitigates that by showing the browser an empty home directory, so that each time you launch it, it will create a new profile with no such data in it. Note that a long-running sandboxed Firefox could still have a decent amount of history to expose. Best to start a new one for each site you visit, if you can stomach it.

Security always involves tradeoffs.
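An added example, not code from either comment: a small shell check for whether running Firefox processes are actually confined (the unconfined_t point above), plus a launcher for the throwaway-home approach the second reply describes. It assumes the `sandbox` command from policycoreutils and the `sandbox_web_t` type; the `ps -eZ` sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes policycoreutils' `sandbox`
# and the sandbox_web_t type; nothing here is captured from a real host.

# Print "pid domain" for every firefox process in `ps -eZ`-style text.
# The SELinux type is the third colon-separated field of the label.
firefox_domains() {
    printf '%s\n' "$1" | awk '$NF ~ /firefox/ {
        split($1, ctx, ":"); print $2, ctx[3] }'
}

# Exit 0 if no firefox process runs in unconfined_t, 1 otherwise.
all_firefox_confined() {
    firefox_domains "$1" |
        awk '$2 == "unconfined_t" { bad = 1 } END { exit bad ? 1 : 0 }'
}

# Constructed sample in the shape of `ps -eZ` output: one Firefox running
# in the user's unconfined domain, one launched through sandbox.
SAMPLE='LABEL                               PID TTY          TIME CMD
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2101 ?  00:00:12 firefox
unconfined_u:unconfined_r:sandbox_web_t:s0:c12,c88    2345 ?  00:00:03 firefox
system_u:system_r:sshd_t:s0-s0:c0.c1023                812 ?  00:00:00 sshd'

# Launch Firefox in a fresh, empty home and tmp so it builds a new profile
# each time; both directories are removed when the browser exits.
launch_sandboxed_firefox() {
    home=$(mktemp -d) && tmp=$(mktemp -d) || return 1
    sandbox -X -t sandbox_web_t -H "$home" -T "$tmp" firefox "$@"
    status=$?
    rm -rf "$home" "$tmp"
    return "$status"
}

# Run the check against the constructed sample (real use: ps -eZ).
if all_firefox_confined "$SAMPLE"; then
    echo "all firefox processes confined"
else
    echo "unconfined firefox process found:"
    firefox_domains "$SAMPLE" | awk '$2 == "unconfined_t"'
fi
```

On a live system replace `"$SAMPLE"` with `"$(ps -eZ)"`; the launcher is only useful on a host with the sandbox policy module installed.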