[SomeCallMeTim]

There was a story I read a while back about a support ticket filed with Mozilla for FireFox complaining about all of these "security warnings" that would pop up at every HTTPS site the user visited.

She was apparently someone who should have known better, but instead was willing to believe that FireFox was just warning her spuriously about valid HTTPS certs -- yes, someone had hacked her computer, and was collecting every bank, credit card, and online shopping password as she fell for an MITM attack over and over.

[martey]

I believe that this is the bug: https://bugzilla.mozilla.org/show_bug.cgi?id=460374

[runningdogx]

In that case, Mallory was a fool. Mallory should have installed the MITM cert in the browser's certificate store, to prevent warnings. How many people routinely audit their browser's SSL cert list?