It's worth noting that this isn't actually inconsistent. If your browser does security properly, blog.mozilla.org saying "here, have some malware" doesn't matter because it will be ignored. If it doesn't, one more website serving (functionality-irrelevant) malware makes it that much marginally more painful to keep using a defective browser.

Well, I'm not, but temac is saying that Firefox's Enhanced Tracking Protection is saying that blog.mozilla.org serves malware. I'd call that plausible and presumed true for the sake of discussion but unconfirmed.