Mozilla released Firefox 37 last week and the update contained several powerful new security features. But, the company is backtracking on one of those features after it actually made browsing the Internet less safe. The company just released a new update that every Firefox user needs to install immediately to take care of the problem.
The problem centers on the new opportunistic encryption feature. It was supposed to make using the Internet safer by encrypting sensitive user information that normally would be transmitted without any encryption. However, in practice the tool actually broke SSL certificate validation.
The CVE-2015-0799 bug in Mozilla's HTTP Alternative Services implementation – discovered by security researcher Muneaki Nishimura – left surfers vulnerable to man-in-the-middle attacks that involved hackers impersonating genuine sites.
Mozilla has decided get rid of opportunistic encryption in this new update, so it can iron out the bugs. The new update is officially called Firefox 37.0.1.