Enquiring minds need to know
Was there a cry of "Hogannnnnnn!" when Klink found the privacy escape tunnel?
Firefox's intermediate certificate cache can be tricked into leaking to a deliberately mis-configured server, creating yet-another chance to fingerprint users (including those who think they're protected by Private Browsing). The data leak identified by security researcher Alexander Klink could also let a malicious attacker …
"it even catches CAs from browsers operating in Private Browsing mode, because that mode doesn't isolate the cache"
I was under the impression that private browsing basically just doesn't save history and cookies locally outside the session. As far as any server the browser communicates with is concerned, there's no difference between private and non-private mode. That mode doesn't isolate the cache because that's not an important part of hiding your porn habits from your family.