Leaking DNS requests (FFox + Tor Proxy)
DNSSECValidator does not seem to follow the network.proxy.socks_remote_dns configuration variable (at least not always).
When DNSSEC Validator is enabled, on FFox configured with a TOR proxy and network.proxy.socks_remote_dns set to true (so it should also be true on the Tor Browser), some DNS requests are still made to the default (system) resolver. This leads to information leakage.
Not checked on other browsers.