Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


Mozilla Firefox Certificate Cache Coughs Up Credentials

February 24, 2017 by Marc Handelman in All is Information, Cruft, Data Leakage, Poor Coding Practices, Application Security, Web Security

Meanwhile, in cruft news...

A Tale of Cruftery

The leak was first discovered by security researcher Alexander Klink and discussed on his shift or die blog; the documentation he has amassed is a tour de force in correct handling of the discovery. Mozilla's response has been a tad lackadaisical and (disappointingly) is still in telemetry data gathering mode as of this post.

The Workaround

Superb work by Alexander; nonetheless, he does suggest regularly cleansing your browser user profile (if you are so unlucky as to be using the browser under scrutiny, though it is most likely a good idea on any browser). There are many tools available that deal with the cache cleaning task (scripted and manual, GUI-based and not, built-in and otherwise). Enjoy the cruft. H/T
