The way in which Firefox caches intermediate CA certificates allows a third-party to deduce various details about website visitors and also link advertising profiles to private browsing sessions.
Before we go on, it is important that non-technical users understand what is an intermediate CA certificate.
At the top of the entire HTTPS infrastructure we have root CAs (Certificate Authorities), which are companies such as Comodo, Symantec, DigiSign, and others.
For security reasons, root CAs generate intermediate certificates, instead of using the main root certificate. This way, when an intermediate CA certificate gets compromised, the root CA continues to operate and doesn't have to revoke and replace certificates for all its clients, but only a few.