firefox: compromise of SSL-protected communication

Package(s): firefox
CVE #(s): CVE-2009-2408
Created: August 4, 2009
Updated: October 5, 2010
Description: From the Mozilla advisory: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it, most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions.
Alerts:
Debian DSA-2025-1 2010-03-31
Mandriva MDVSA-2010:027 2010-01-27
Mandriva MDVSA-2010:028 2010-01-27
Mandriva MDVSA-2009:203-1 2009-12-04
Mandriva MDVSA-2009:315 2009-12-04
Mandriva MDVSA-2009:201-1 2009-12-04
Mandriva MDVSA-2009:197-3 2009-12-03
Mandriva MDVSA-2009:217-3 2009-12-03
SuSE SUSE-SR:2009:018 2009-11-10
Mandriva MDVSA-2009:203 2009-08-15
Mandriva MDVSA-2009:201 2009-08-12
Red Hat RHSA-2009:1207-01 2009-08-12
Mandriva MDVSA-2009:198 2009-08-07
Mandriva MDVSA-2009:197 2009-08-07
Ubuntu USN-810-2 2009-08-04
Ubuntu USN-810-1 2009-08-04
Red Hat RHSA-2009:1190-01 2009-07-31
Red Hat RHSA-2009:1186-01 2009-07-30
Red Hat RHSA-2009:1184-01 2009-07-30
Fedora FEDORA-2009-8288 2009-08-05
Fedora FEDORA-2009-8279 2009-08-05
Slackware SSA:2009-215-01 2009-08-04
Mandriva MDVSA-2009:288 2009-10-23
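
The name-handling mismatch from the description above, as an added example (not code from Mozilla, NSS, or LWN): a host name check that stops at the first NUL byte, next to a length-aware check that rejects any certificate name containing NUL. The struct, function names, and host names are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Certificate names are ASN.1 strings: raw bytes plus an explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample names (hypothetical hosts under the reserved .example TLD). */
static const unsigned char forged_bytes[] = "www.bank.example\0.attacker.example";
static const unsigned char honest_bytes[] = "www.bank.example";
static const struct cert_name FORGED = { forged_bytes, sizeof forged_bytes - 1 };
static const struct cert_name HONEST = { honest_bytes, sizeof honest_bytes - 1 };

/* Case-insensitive comparison of exactly n bytes. */
static int eq_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Flawed behaviour: the name is treated as a C string, so only the bytes
 * before the first NUL take part in the comparison. */
int name_matches_truncating(const struct cert_name *cn, const char *host)
{
    const unsigned char *nul = memchr(cn->data, '\0', cn->len);
    size_t seen = nul ? (size_t)(nul - cn->data) : cn->len;
    return seen == strlen(host) && eq_nocase(cn->data, host, seen);
}

/* Hardened behaviour: a name with an embedded NUL is invalid and never
 * matches; otherwise the full encoded length must equal the host length. */
int name_matches_strict(const struct cert_name *cn, const char *host)
{
    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == strlen(host) && eq_nocase(cn->data, host, cn->len);
}

int main(void)
{
    const char *host = "www.bank.example";
    printf("forged/truncating: %d\n", name_matches_truncating(&FORGED, host));
    printf("forged/strict:     %d\n", name_matches_strict(&FORGED, host));
    printf("honest/strict:     %d\n", name_matches_strict(&HONEST, host));
    return 0;
}
```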
