On 06/09/2011 11:48, Devdatta Akhawe wrote:
[...] if I visit
https://www.secure.com in private browsing mode; Firefox makes a OCSP
request. After closing private browsing mode and going back to the
normal mode, if I go to https://www.secure.com then Firefox caches the
OCSP responses and doesn't make a new OCSP request. This seems like a
leak of information that should be disabled. What do others think?
[...]
Yes, it's a bug, it's not the only one, you can report it on bugzilla.
But it might actually be just a specific application of the more generic
bug that the network cache is not properly separated between private and
non-private mode.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
