The "opportunistic encryption" feature added to Firefox last week has been disabled to fix a critical security bug that allowed malicious websites to bypass HTTPS protections, Mozilla officials said.
Now, Mozilla developers have disabled opportunistic crypto in the just-released Firefox 37.0.1 after they discovered that the implementation released last week introduced a critical bug. The vulnerability, which resides in functionality related to opportunistic crypto, in some cases gave attackers an easy way to present fake TLS certificates that wouldn't be detected by the browser. The flaw in the HTTP alternative services implemented in version 37 could be triggered by a malicious website by embedding an "Alt-Svc" header in the responses sent to vulnerable visitors. As a result, warnings of invalid TLS certificates weren't displayed, a shortcoming that allowed attackers with a man-in-the-middle position to impersonate HTTPS-protected sites by replacing the original certificate with their own forged credential.
"There was a Firefox implementation problem with Alt-Svc," Chad Weiner, Mozilla's director of product management, wrote in a statement sent to Ars. "Opportunistic Encryption is a related, but separate, feature that depends on Alt-Svc. Opportunistic Encryption was disabled because of its use of Alt-Svc. We plan to re-enable this feature once weve had time to fully investigate the issue."
Mozilla provided a bare-bones description of the vulnerability here. In a post published Tuesday, the Sophos Naked Security blog offered a more thorough description of the bug and the risk it posed:
A security researcher worked out a way to bypass HTTPS certificate validation if a web server redirected you via the Alt-Svc header.
That's very bad, and here's why.
If you had a phishing site that pretended to be yourbank.example, and handled HTTP connections directly, you'd have difficulty presenting a legitimate-looking connection.
You'd either have to use HTTP and hope your victims wouldn't notice the lack of a secure connection, or use HTTPS and hope they wouldn't notice the certificate warnings telling them that you probably weren't the lawful owner and operator of the yourbank.example domain.
Some users would probably end up getting tricked anyway, but well-informed users ought to spot the ruse at once, and remove themselves from harm's way.
But this Alt-Svc bug could be used by crooks to redirect victims to a secure connection (thus making the connection "look right") without producing a certificate warning to say that the site looked like an imposter.
Original post:
Firefox disables “opportunistic encryption” to fix HTTPS-crippling bug