Firefox certificate cache leaks user information

Firefox's intermediate certificate cache can be tricked into leaking to a deliberately misconfigured server, creating yet another chance to fingerprint users (including those who think they're protected by Private Browsing). The data leak identified by security researcher Alexander Klink could also let a malicious attacker …

  1. MrDamage Silver badge

    Enquiring minds need to know

    Was there a cry of "Hogannnnnnn!" when Klink found the privacy escape tunnel?

  2. Anonymous Coward

    Is this not a violation of the protocol handshake? I think it requires to send the whole certificate tree, so Firefox should not accept a request with an incomplete tree.

    1. Anonymous Coward

      > I think it requires to send the whole certificate tree

      That is not my recollection. Can you provide a reference?

  3. Anonymous Coward

    Bug.

    There, argument resolved.

  4. Cuddles

    Private browsing

    "it even catches CAs from browsers operating in Private Browsing mode, because that mode doesn't isolate the cache"

    I was under the impression that private browsing basically just doesn't save history and cookies locally outside the session. As far as any server the browser communicates with is concerned, there's no difference between private and non-private mode. That mode doesn't isolate the cache because that's not an important part of hiding your porn habits from your family.
