Comment 1 for bug 430566

Thank you for using Ubuntu and taking the time to report a bug.

You are quite correct in your assessment, and the flaw is in AppArmor itself. The Ubuntu development release (Karmic) has fixes to make binary filename globbing work, though I think you should be able to get this to work in Ubuntu 9.04 (Jaunty) if you specify the filename like so:

/usr/lib/firefox-3.0.*/firefox {
  ...
}

In fact, firefox-3.5 (the default in Karmic) now has an opt-in profile that you can use that takes advantage of this. As such, I am going to mark this as 'Fix Released'.