Mozilla will patch zero-day Firefox bug to fiddle man-in-the-middle diddle [theregister.co.uk]
"Firefox uses its own static key pinning method for its own Mozilla certifications instead of using HPKP. The enforcement of the static method appears to be much weaker than the HPKP method and is flawed to the point that it is bypassable in this attack scenario."
Mozilla will push the fix into its stable release version on 20 September.