See ...

Mozilla Patches Certificate Pinning Vulnerability in Firefox

As expected, Mozilla patched a highly scrutinized flaw in its automated update process for add-ons in Firefox, specifically around the expiration of certificate pins.

The vulnerability allowed attackers to intercept encrypted browser traffic, inject a malicious NoScript extension update and gain remote code execution. The flaw extended to the Tor Browser as well; Tor is built from the Firefox code base and was patched last Friday shortly after the bug was disclosed by a researcher known as movrck.

Continued :