Vulnerability Forces Mozilla to Disable Opportunistic Encryption in Firefox

Type threatpost
Reporter Dennis Fisher
Modified 2015-04-09T16:40:56


Less than a week after introducing the new opportunistic encryption feature in Firefox, Mozilla has had to disable it because of a security vulnerability in the browser’s implementation of the HTTP Alternative Services specification.

The bug puts a kink in the new feature, which was designed to allow clients to connect securely to a server that doesn’t support HTTPS. Opportunistic encryption was included in the release of Firefox 37, which Mozilla pushed out on March 31. It is meant to be a defense against some forms of passive monitoring, especially those executed through man-in-the-middle attacks.

But on April 3, Mozilla released Firefox 37.01, a minor maintenance release of the browser that disables opportunistic encryption as a result of a vulnerability related to certificate verification.

“If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle (MTIM), replacing the original certificate with their own,” the Mozilla advisory says.

Large Internet companies have been focusing on encrypting more and more of their services in the last couple of years in the face of revelations about pervasive government monitoring and surveillance. Google, Yahoo and many others have made major upgrades to their encryption practices, and browser vendors have been making some of the same moves, as well. Mozilla’s addition of opportunistic encryption to Firefox is an effort to move in this direction, helping to secure connections for organizations that haven’t deployed HTTPS for various reasons.

“OE provides unauthenticated encryption over TLS for data that would otherwise be carried via clear text. This creates some confidentiality in the face of passive eavesdropping, and also provides you much better integrity protection for your data than raw TCP does when dealing with random network noise. The server setup for it is trivial,” Patrick McManus of Mozilla wrote in a post.