Firefox disables 'opportunistic encryption' to fix HTTPS bypass bug

Mozilla has disabled an "opportunistic encryption" feature added to its Firefox browser last week, in order to fix a critical security flaw that allowed attackers to bypass HTTPS protections.

The company last week released Firefox 37, which came with a new feature allowing connections to be encrypted even if a server didn't support HTTPS.

This so-called "opportunistic encryption" acted as a bridge between plaintext HTTP and HTTPS connections based on either transport layer security (TLS) or the older secure sockets layer protocol.

It allowed website owners who are unable to fully encrypt their sites through traditional web-based encryption measures to have their data encrypted over TLS where it otherwise would have been carried in clear text.

The feature was well-received due to its potential to make it harder for attackers to spy on or hack into communications of end users.

But Mozilla developers have now disabled opportunistic encryption in Firefox 37 after discovering that the feature had introduced a critical bug.

The flaw - which resided in HTTP alternative services, or Alt-Svc - was found in some instances to give attackers the ability to get around protections by presenting a fake TLS certificate.

It could be triggered by a malicious website embedding an "Alt-Svc" header in the responses sent to vulnerable visitors, meaning warnings of invalid TLS certificates would not be displayed by the browser.

Attackers could then potentially impersonate an HTTPS-protected site through a man-in-the-middle (MITM) position, replacing the original certificate with their fake credential.

"That's very bad, and here's why," Sophos' Paul Ducklin wrote.

"If you had a phishing site that pretended to be yourbank.example, and handled HTTP connections directly, you'd have difficulty presenting a legitimate-looking connection.

"You'd either have to use HTTP and hope your victims wouldn't notice the lack of a secure connection, or use HTTPS and hope they wouldn't notice the certificate warnings telling them that you probably weren't the lawful owner and operator of the yourbank.example domain.

Ducklin said well-informed users should be able to quickly spot the ruse, but the bug could be used by attackers to redirect victims to a secure connection without producing a certificate warning.

"In other words, even a well-informed user might accept a phishing site as the real thing," he wrote.

"The good news is that the bug was quickly found, and just as quickly fixed, with Firefox 37.0.1 coming out over the Easter weekend."

Firefox users should upgrade to Firefox 37.0.1 as soon as possible, Ducklin said.