I see you have some misconceptions here.
Snap is not lying to you when it says all your snaps are up to date; the problem lies in your interpretation of “up to date”. When refreshing, Snap contacts the store over the internet and checks that the versions of all packages you have installed on your machine match the most current ones on the store. Whether this means that a specific package on the store has or hasn’t been patched for some vulnerability is the responsibility of the publisher, not Snap.
This is, in essence, no different from other well-known package managers (in their default configs) such as Apt and Yum. In the end, they check the versions of your installed packages against the distribution’s packages, and that does not necessarily mean the distribution’s are the newest, upstream-patched versions. The main difference, when it comes to Snap, is that the figure of “publisher” is very different (in general) from Apt or Yum: in the latter, publisher means distro maintainers, whereas on Snaps it generally means upstream directly or the package creator, and those might not have any connection with the distro at all.
In your specific case, when Mozilla (the publisher of the Firefox Snap) releases a patched version of the package, you’ll get it.
For the second point: you don’t even need to check for it yourself, as Snap does this several times a day and updates automatically. In fact, many people hate this so-called “Windows behavior” of auto-update, but you can disable this if you want (this toggle is somewhat recent, but it’s there).
If you want to check your system against known vulnerabilities, there may be free tools to help with this, but that’s outside of package managers’ scope (generally speaking).
Hope to have helped.