The author originally made it sound like they just generated the QR code, saved it, and then left it in the downloads folder. Now they are saying the Firefox "recents" feature on the home screen triggered it. This would have to mean the author already visited the link embedded in the QR code. If the author had mentioned that fact, then internet speculation would have probably figured out the real cause a lot earlier.

Though I gotta say, this is still an attack vector that I hadn't considered. If you use a VPN and occasionally rotate IPs, this Firefox "recents" feature can leak your new IP to websites that you previously visited.