I managed to easily reproduce this:
[Mon Mar 27 12:31:56 2023] audit: type=1400 audit(1679916718.256:598): apparmor="DENIED" operation="open" class="file" profile="snap.firefox.firefox" name="/etc/fstab" pid=3791195 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
I just installed Firefox, ran through the startup wizard, browsed to a page and then used the menu "File -> Save Page As" to trigger the event.
Two things to note, Firefox didn't read /etc/fstab because the AppArmor rules stopped it (hence "DENIED" in the error). Secondly, this isn't unique to Firefox. I installed the "Musicpod" application and it does the same thing when selecting a folder for music.
[Mon Mar 27 12:37:25 2023] audit: type=1400 audit(1679917047.146:637): apparmor="DENIED" operation="open" class="file" profile="snap.musicpod.musicpod" name="/etc/fstab" pid=3793570 comm="musicpod" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Looks to me like the application (or the GTK File Chooser) is merely trying to figure out all the mounted filesystems so it can present them in the file chooser dialog. Nothing sinister, or anything to worry about.
That said, it's possible to disable logging, not just for that action, but all actions, should you wish.
sudo apt install auditd
sudo auditctl -a exit,never -F exe=/snap/firefox/current/usr/lib/firefox/firefox
Tested here, and it completely suppresses the output from apparmor in the syslog.
