Create PulseAudio AppArmor profile
From what I’m being told, PulseAudio provides an API which allows clients to tell the daemon to execute arbitrary commands on its behalf. This effectively bypasses all AppArmor profiles which give access to PulseAudio, such as Firefox, Totem, etc. The confined programs can escape their sandboxes by asking PulseAudio to execute whatever commands they want. The solution is to provide the daemon with its own AppArmor profile.
There is also a program in development to attempt to mitigate this issue through IPC filtering, called flatpak.