Security researcher Alexander Kolesnik reported while the
Mozilla platform does not yet support TLS connections to TURN and STUN servers,
the WebRTC implementation would accept turns:
and
stuns:
URIs and then attempt plaintext connections to the servers
when these were used. This can lead to disclosure of credentials through a
Man-in-the-middle (MITM) attack as the connection is not encrypted.