Comment 6 for bug 712584

I think the way to solve this is for either apparmor or firefox to ship /etc/apparmor.d/abstractions/ubuntu-browsers.d/nvidia with the 3 needed entries:
  /dev/nvidactl rw,
  /dev/nvidia0 rw,
  /proc/interrupts r,

Then have the firefox.postinst.in have the following line when creating /etc/apparmor.d/abstractions/ubuntu-browsers.d/$APPNAME (this will have to be conditionally added if this include file is shipped in apparmor):
#include <abstractions/ubuntu-browsers.d/nvidia

This will make it so that new installs will get the nvidia abstraction, but people can opt out of it using 'aa-update-browser'.