If you configure Firejail to allow the program to access that file, and filesystem permissions allow the program to write to that file, it can write to that file. Firejail is not a malware scanner.
As I think of it, Firejail does two things for you:
For example the default Firejail profile for Firefox runs a sandbox in which the root user doesn't exist, only /tmp and /home (selected subdirectories only) are writable, the system calls that can be used are limited, all privileges are dropped, directories that have system commands are made unavailable, key system commands are made unavailable from your entire path, key system configuration files are made unavailable, and development commands (e.g., compilers, linkers, debuggers) are made unavailable. All this cuts into the toolbox malware would use to own your operating system.
In addition to that, the default Firejail profile for Firefox severely restricts what files and directories in your home directory Firefox can access. Common directories used by GUI programs are accessible, as are your Downloads directory and any directories Firefox or common add-ons for Firefox would use (configuration, cache, etc.). Where it doesn't need write access the access is made read-only. Everything else is inaccessible (not even visible); your terminal history, ssh keys, gpg keys, system keyrings, files specific to other web browsers, your Documents directory, and so on are all inaccessible.
Most default profiles are very similar to that. You can see the default profiles in /etc/firejail.