Saturday, April 11, 2015

Firefox fail: Mozilla reinvents encryption wheel, which promptly falls off

It all started well enough, with Mozilla's announcement at the end of last month that the Firefox web browser would make the Internet a safer place by encrypting everything: even connections to servers that don't support the HTTPS protocol at all. Firefox's developers have moved one step closer to an Internet that encrypts all the world's traffic with a new feature that can cryptographically protect connections even when servers don't support HTTPS. The 'Opportunistic Encryption' (OE) feature essentially acts as a bridge between non-compliant plaintext HTTP connections and fully compliant, secure HTTPS ones. Firefox 37 turned OE on by default, supposedly protecting sites that hadn't bothered to go through the certificate authority process, or that don't fully encrypt everything because of embedded plaintext third-party content such as adverts.

All of which was great, and hard to argue with. Mozilla had done a good thing in helping make the Internet a little more secure by enabling the OE functionality in Firefox.

And then, a few days later, this happened: Mozilla Foundation Security Advisory 2015-44. Entitled 'Certificate verification bypass through the HTTP/2 Alt-Svc header', it detailed a critical vulnerability in the Firefox implementation of the HTTP Alternative Services specification. Specifically, if an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. In other words, warnings about an invalid SSL certificate wouldn't be displayed, so an attacker could impersonate another site through a man-in-the-middle attack: precisely what OE is meant to prevent.
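As an added illustration, not code from this post or from Firefox, here is a minimal model of the Alt-Svc routing decision with the check the advisory describes as missing put back in place: an alternate for an https origin is only used if its certificate validates for the origin host, and an OE alternate for a plain-http origin is never reported as authenticated. It assumes the RFC 7838 header syntax; `TlsCertResult`, `choose_route` and the host names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Alt-Svc field value syntax (RFC 7838): protocol-id="[host]:port"; ma=seconds
# Simplified: hostnames only, IPv6 literals and multiple alternatives not handled.
_ALT_SVC_RE = re.compile(r'^\s*([\w-]+)="([^":]*):(\d+)"(?:\s*;\s*ma=(\d+))?')

@dataclass
class AltService:
    protocol: str
    host: str       # "" means the origin's own host on a different port
    port: int
    max_age: int    # seconds the advertisement may be cached (default 24h)

@dataclass
class TlsCertResult:
    """Constructed stand-in for what the TLS layer reports about the
    alternate's certificate: did the chain validate, and for which names."""
    chain_valid: bool
    names: tuple

def parse_alt_svc(value: str) -> Optional[AltService]:
    m = _ALT_SVC_RE.match(value)
    if not m:
        return None
    proto, host, port, ma = m.groups()
    return AltService(proto, host, int(port), int(ma) if ma else 86400)

def choose_route(scheme, origin_host, alt_svc_header, alt_cert):
    """Decide where a request for scheme://origin_host is sent.
    Invariant (the check the advisory says Firefox skipped): an alternate for
    an https origin is used only if its certificate validates for the ORIGIN
    host. For a plain-http origin, OE may route via the alternate, but the
    result is still reported as unauthenticated."""
    origin = {"host": origin_host, "port": 443 if scheme == "https" else 80,
              "via_alt": False, "authenticated": scheme == "https"}
    alt = parse_alt_svc(alt_svc_header) if alt_svc_header else None
    if alt is None:
        return origin
    alt_host = alt.host or origin_host
    if scheme == "https":
        if (alt_cert is None or not alt_cert.chain_valid
                or origin_host not in alt_cert.names):
            return origin   # refuse the alternate; never suppress the cert warning
        return {"host": alt_host, "port": alt.port, "via_alt": True, "authenticated": True}
    # OE bridge for plain http: encrypted on the wire, but not authenticated
    return {"host": alt_host, "port": alt.port, "via_alt": True, "authenticated": False}
```

The "authenticated" flag is what a browser UI should key its lock indicator on; an OE connection that carries it as False must not be shown as secure.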