HTTP .onion sites inherit previous page's certificate information
Seems to be an edge case from the #23247 (moved) patch. To reproduce:
- Navigate to a vanilla or .onion HTTPS site
- From same tab, navigate to a .onion HTTP site
The HTTP .onion will have the onion+lock icon, and the Page Info pane will be full of the previous HTTPS site's certificate information.