Saved passwords are visible to other Linux users

At home we have a shared computer with Ubuntu and Firefox as main browser. Each family member has its own Linux user.

We use the functionality of Firefox saving passwords, however we've noticed that these passwords are visible between the Linux users. So, for instance, if two of us use the same website, somehow our user/pass are visible to each other. Is this behavior expected? How can we set FF to make the user/pass visible only to the Linux user who is using it?

Cheers

Asked by jaro24 5 months ago

Last reply by Denys 5 months ago

OCSP Must-Staple Behavior Observations in Firefox

Subject: OCSP Must-Staple Behavior Observations in Firefox (Including iOS Platform)

Dear Firefox Team,

We have been conducting tests involving certificates with the OCSP Must-Staple extension and would like to share several observations regarding Firefox’s behavior across different platforms:

General Compliance with Must-Staple: On most platforms, Firefox correctly enforces the Must-Staple extension. That is, if a certificate includes the Must-Staple flag and the web server fails to provide a stapled OCSP response, the connection is appropriately terminated.

Unexpected Behavior on iOS: However, we have observed that Firefox on iOS does not appear to enforce this requirement consistently. Even when the server does not provide a stapled OCSP response, the browser still establishes the TLS connection. We are unsure whether this is due to platform limitations or an implementation inconsistency.

Redundant OCSP Requests Despite Stapling: Additionally, we found that Firefox still initiates an OCSP request even when a valid stapled response has already been provided by the server. This behavior not only degrades performance but may also introduce privacy concerns, contrary to the original privacy and efficiency goals of OCSP Stapling.

Asked by hengsheng wang 5 months ago

Last reply by Denys 5 months ago