So right off the top of my head, two examples of things you're missing:
An SSL handshake bug ... which we've seen before is still entirely possible. You don't need to send a HTTP protocol request for an SSL bug to fuck you over. Unless of course you think Firefox is flawless and bug free ... which we are 100% certain will never be the case.
Its also trivial to continue to leak information by setting up the connection to a particular host without sending the full request based on how the host link is configured.
Simply configure your spam email/site to point to individual IPs and port combos for every email you send, then when viewed in a browser, this presetting up of conditions can still be used for confirmation of email delievery as well as potentially exploiting bugs in the browser, which is a safe bet to exist based on the ignorance of this feature.
And this is why just because YOU don't understand why security works the way it does, doesn't mean you've thought of all the actual scenarios.
Lets see what else: TCP connects cost bandwidth, not much, but some, this is just another example of speculative wastefulness typical with modern programmers who have no consideration about what the costs are of the operation they are performing because it happens so fast in their dev environment they don't notice the cost. On the other hand, a very popular website will now notice a many more idle connections, which are not free, maybe not even cheap, because Firefox is being retarded and forgetting Internet Security 101.
Throw in using a custom DNS hostname for every URL thrown into an email or web page, and now you can easily track hovered over links of the user without them clicking a thing.
You don't go connecting to random machines on the Internet without specific instruction to do so, #InternetSecurity101