Opened a PDF with a link in Document Viewer, clicked the link, saw the attached failure.
Could you also check if other areas within AppArmor require forks we use? Or if there are other applications that require browser specific tasks to include PureBrowser? (a simple grep maybe?)
The reason this was fixed by forking apparmor (not including an apparmor snippet with purebrowser package) was to address generally the need of application needing access to browser to also be granted that for PureBrowser.
I am unaware of any other current deviations of ours requiring modifications to AppArmor, but lack a complete picture yet of how exactly our system deviates from Debian: from our end we track only the parts we deviate _and_ lag behind (see T367#6535) and at from Debian end tracking is blocked by lack of funding for disk space (last - possibly incomplete - data is from 2018-01-05: http://deriv.debian.net/Purism/).