When I visit a V3 onion that supplies a invalid certificate, torbrowser will lookup the onion when the get certifice button is clicked. This may leak the secret onion address. I attached a photo showing the issue.
Trac: Username: Dbryrtfbcbhgf
Start: None
Due: None