Not sure where the right place to report this is, but this seemed like a good starting point…
If I go to the addons website, then select login, after some thinking time I’m presented with an error screen on both Firefox and Chrome, involving a security failure accessing oauth.accounts.firefox.com.
Firefox reports:
Secure Connection Failed
An error occurred during a connection to oauth.accounts.firefox.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
And from Chrome:
Your connection is not private
Attackers might be trying to steal your information from oauth.accounts.firefox.com.
NET::ERR_CERT_COMMON_NAME_INVALID
In short, your secure connections haven’t necessarily been compromised, but there was something in the middle (in your router) tampering with them and breaking that security test.