"This vulnerability allows the plaintext of secure connections to be calculated by a network attacker," Bodo Möller, of the Google Security Team, wrote in a blog post today. "I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers)."
"If a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server-side interoperability bugs."
Mozilla, for its part, has also announced that it plans to turn off SSL 3.0 in Firefox. "SSLv3 will be disabled by default in Firefox 34," which the company will release next month. The code to disable the protocol will be available tonight via Nightly.