Mozilla has temporarily reinstated support for a vulnerable cryptographic algorithm after some Firefox users were unable to access encrypted HTTPS websites.
The browser maker blamed the unintended consequence of deprecating support for SHA-1 certificates on man-in-the-middle devices, such as security scanners and anti-virus products.
In a blog post
, security engineer Richard Barnes explained that most Firefox users aren't affected, and those who are can simply upgrade to the latest version of Firefox -- version 43.0.4
, released on Wednesday -- to fix the problem.
"When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server's real certificate," Barnes explained.
"Since Firefox rejects new SHA-1 certificates, it can't connect to the server," he added.
The good news is that you can tell if you're affected by visiting Mozilla's security blog
. If you are, you can upgrade from its website
The bad news is that this wasn't exactly unexpected...