Bugzilla site holds a wild card SSL certificate that also is valid on Mozilla.org. The bug was related to the way that the sites responded to certain requests from client machines when the clients specify an incorrect HTTP host header. Mozilla has fixed the bug by changing the way the servers handle those requests. Attack could have been exploited to execute a man-in-the-middle attack against an unsuspecting user, Mozilla s Michael Coates wrote. In the attack scenario, an attacker could use a dns rebinding style attack to cause this header mismatch on a request for JavaScript made by the primary page.
Source: https://threatpost.com/mozilla-fixes-site-error-handling-bug-112210/74698/