You can find more info on the privacy.file_unique_origin change here: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
A separate profile is always a good idea for risky behaviors, but if it is using the same set of folders to load local files, I’m not sure it would mitigate this one.