Comment 3 for bug 1377194

An additional issue that’s related to the implementation of the whitelist for invalid certificates that have been overridden for the duration of the session: the whitelist is stored on the webview, so if I open a URL for which the certificate has been previously whitelisted in a new tab, I will get the security warning page again. The whitelist should be stored on the browser object instead, so that all webviews share it for the duration of the session.