HTTPS prevents someone who is sitting between you and the destination on the network from reading or modifying your transmissions. For example, it prevents your ISP from seeing your MtGox password. Usually, anyone between you and the destination is pretty trustworthy, but this is not the case if you live in a non-free country or if you are using a free proxy like Tor.
This compromise means that all HTTPS connections are suspect until things are sorted out. Even sites that don't use StartSSL can have their HTTPS broken. Even if MtGox was using Verisign, they would be affected equally.
I recommend installing the Certificate Patrol and Perspectives extensions for Firefox:
- http://patrol.psyced.org/
- http://www.networknotary.org/firefox.html
Certificate Patrol warns you whenever a site's certificate changes. This will happen when an attacker tries to exploit a compromised certificate authority like StartSSL. It also happens occasionally for other reasons.
Perspectives asks several notary servers for information about certificates. If the notaries see a different certificate than you do, then there is probably an attack going on. In the settings, use these options:
- Percentage of notaries...: 100
- Days of continuous...: 0
- Contact notaries for all HTTPS sites: yes
- Allow Perspectives to automatically...: no (unless you want to allow Perspectives to stand in for a CA when a site is using a self-signed certificate)
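
The two checks described above, combined in a simplified model. This is an added example, not code from the post or from either extension; the function names, the `example.test` host, the notary names and the certificate bytes are all constructed for illustration.

```python
import hashlib

def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()

def patrol_check(store, host, fp):
    """Certificate Patrol-style check against the last fingerprint seen.
    Returns 'new', 'unchanged' or 'changed'; only new hosts are stored,
    so a changed certificate is never accepted silently."""
    known = store.get(host)
    if known is None:
        store[host] = fp
        return "new"
    return "unchanged" if known == fp else "changed"

def notary_check(fp, notary_views, quorum_pct=100):
    """Perspectives-style check: do enough notaries currently see our certificate?
    Models 'Days of continuous' = 0, so only the current observation counts."""
    if not notary_views:
        return False  # no notary answered: nothing corroborates us, fail closed
    agree = sum(1 for seen in notary_views.values() if seen == fp)
    return agree * 100 >= quorum_pct * len(notary_views)

def assess(store, host, fp, notary_views, quorum_pct=100):
    """Combine both signals into one verdict for the connection."""
    status = patrol_check(store, host, fp)
    if not notary_check(fp, notary_views, quorum_pct):
        return "suspect: notaries see a different certificate"
    if status == "changed":
        return "changed but corroborated: review before accepting"
    return "ok"

# Constructed sample data: byte strings standing in for real certificates.
GOOD = fingerprint(b"constructed-cert-legitimate")
ROGUE = fingerprint(b"constructed-cert-from-compromised-ca")
NOTARIES = {"notary-a": GOOD, "notary-b": GOOD, "notary-c": GOOD}

if __name__ == "__main__":
    store = {}
    print(assess(store, "example.test", GOOD, NOTARIES))   # first visit
    print(assess(store, "example.test", ROGUE, NOTARIES))  # swapped certificate
```

A certificate that is validly signed by a compromised CA passes the browser's normal chain check, which is why both checks here compare fingerprints rather than trusting the signature.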