The “opportunistic encryption” feature added to Firefox last week has been disabled to fix a critical security bug that allowed malicious websites to bypass HTTPS protections, Mozilla officials said.
The bug was introduced in Firefox 37, which was released last week and introduced a new feature that could encrypt Web connections even when servers didn’t support HTTPS protocols. While opportunistic encryption lacks some of the crucial protections of the transport layer security protocol, it was still hailed by many as a watershed moment that moved the world closer to an Internet where all data receives end-to-end encryption. That in theory could make it harder for criminal and state-sponsored adversaries to monitor or manipulate the communications of end users.
Now, Mozilla developers have disabled opportunistic crypto in the just-released Firefox 37.0.1 after they discovered that the implementation released last week introduced a critical bug. The vulnerability, which resides in functionality related to opportunistic crypto, in some cases gave attackers an easy way to present fake TLS certificates that wouldn’t be detected by the browser. The flaw in the HTTP alternative services implemented in version 37 could be triggered by a malicious website by embedding an “Alt-Svc” header in the responses sent to vulnerable visitors. As a result, warnings of invalid TLS certificates weren’t displayed, a shortcoming that allowed attackers with a man-in-the-middle position to impersonate HTTPS-protected sites by replacing the original certificate with their own forged credential.