>> why would this company report this vulnerability to Mozilla if their product is fingeprinting?

Maybe because is not as serious as them and their title, made it to be? Did you read it fully?

The identifier described is not process lifetime stable, not machine stable, or profile stable, or installation stable. The article itself says it resets on a full browser restart...

So this is not a magic forever ID and not some hardware tied supercookie. Now what should we do with that title, and the authors of it?