I've seen requests passed to Google, which is how I noticed it in the first place.
This source appears to show at least for downloads the browser is sending data to the API: "From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit."
>These lookups are Windows-only, because we rely on signature information in order to suppress remote lookups and signature APIs are only available on Windows. If the binary is unsigned or its signature does not match a known good publisher and the filename ends in a known executable extension, Firefox sends a remote lookup to the application reputation service.
This is more precise than your post including the quote.
This source appears to show at least for downloads the browser is sending data to the API: "From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit."
SOURCE: http://www.ghacks.net/2014/07/23/prevent-firefox-sending-dow...