This has been going for awhile. Though I don't think it's necessarily associated with this Xenforo upgrade. Something I've only witnessed happening periodically only with Firefox. Using Windows the recently upgraded version of Firefox I'm on is version 103.0.2.
I don't recall this issue with Firefox using Linux Mint 20.3, though with Mint, they use a proprietary version of Firefox that doesn't correspond to the same version number as does with Windows. It's just weird when I see something being downloaded in real time while using Firefox that I did not authorize. Weirder still is a cryptic file name and html extension where there are no contents that goes straight to my downloads directory.
One thing I can't help wonder about is whether or not there is something unintentionally and externally linked to a URL with potentially hostile intentions. Something my security software has detected and logged on very rare occasions.A function that may not be the result of Xenforo at all. But I can only speculate.
More often than not, when I see something that comes in without any content my first impression is usually that it is something that is deliberately filtered out as a security concern. Leaving only a file name with no payload. But whether it's my security software, the OS or my browser that might be doing such filtering, I cannot say.
In my own case it hasn't happened in a while. But the next time I catch it, I'll post as such.