Firefox is not clearing HSTS "cookies" when closed after a private session
Solution 1:
HSTS cookies are special. They tell your browser that that site should always be connected with https. They do have an expiry date and they will expire on that date, if you visit that site before expiry then the site could update the cookie expiry date.
This what should happen, it is not a fault.
The reason is that this is protecting you against a man in the middle attack, that could be intercepting all of your traffic. They could change the code in the pages sent from the site to change all the https:// into http:// and you browser would just accept that. So when you are entering your password that traffic will be sent in the clear.
The rush to move to using https:// by sites left this hole, and HSTS was the solution. So if you ever connected to that site securely then it would set the HSTS cookie, and your browser would insist on using https:// for every connection even if the html said http://