Free Republic
General/Chat

To: dayglored
> Looks to me like it's limited to Google/Android devices, Apple iOS devices, and Safari on OS X.
>
> Firefox on OS X appears okay, as do Firefox and IE on Win7.

Not quite, or for just mobile handheld devices. The problem is in the way the websites can force any browser to use the encryption of choice on the website. . . and downgrade it. The reason it may be more dangerous to mobile devices is because it requires a "man-in-the-middle" interception attack to be utilized and they are more likely to be in a position to be exposed to such an attack such as in a coffee shop, hotel, airport, etc. . . but so are laptops from any platform.

> This would allow hackers to conduct what experts call a “man-in-the-middle” attack to make seemingly encrypted traffic easy to read. Such attacks can be launched by anybody who has access to Internet traffic, including governments, employers, Internet providers and coffee shops or airports that offer wifi hotspots.

Apple's Safari in both mobile iOS and desktop OS X versions will notify users if the "secure" website does not have a proper certificate. . . or does not have the correct URL, i.e. is a Man-in-the-middle exploit, so I cannot see this would work with Safari either. . . unless the user told Safari to go ahead and connect, despite the warning. Yes, the browser probably would devolve down to the lower grade encryption, but would it recognize the secure HTTPS website as being authentic, which is required FIRST for the man-in-the-middle attack to work?

The alternative is for the secure, authentic website to be deliberately malicious in the first place and untrustworthy, designed to hack into the device. . . and that would work. THAT does need to be fixed so the browsers will never step down. However, I notice that the 512 bit key of this antique system still requires around seven hours to break. . . and that means the user would have to remain connected to the malicious website for more than seven hours for the hacker to gain access and get any information. How many of us stay on any website except perhaps FreeRepublic for more than seven hours at a time?

11 posted on 03/03/2015 4:45:59 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: Swordmaker
> The alternative is for the secure, authentic website to be deliberately malicious in the first place and untrustworthy, designed to hack into the device. . . and that would work. THAT does need to be fixed so the browsers will never step down. However, I notice that the 512 bit key of this antique system still requires around seven hours to break. . . and that means the user would have to remain connected to the malicious website for more than seven hours for the hacker to gain access and get any information. How many of us stay on any website except perhaps FreeRepublic for more than seven hours at a time?

Problem is, I follow links from FR to the source web pages of articles. And then often am not fastidious about closing tabs. Would this danger occur if I’m not in a putatively secure web page?

12 posted on 03/03/2015 5:11:17 PM PST by conservatism_IS_compassion ('Liberalism' is a conspiracy against the public by wire-service journalism.)

To: Swordmaker
> However, I notice that the 512 bit key of this antique system still requires around seven hours to break. . . and that means the user would have to remain connected to the malicious website for more than seven hours for the hacker to gain access and get any information. How many of us stay on any website except perhaps FreeRepublic for more than seven hours at a time?

LOL. Maybe not on my mobiles, although the iPad gets left at home where it may stay connected for days at a time. My home desktops are not uncommonly on for days at a time, browsers up.

But oh, my desktops at work? Work is on 24x7x365 with multiple browser windows each with multiple tabs loaded. Of course, that's work stuff, not FR, but you get my drift.

13 posted on 03/03/2015 6:01:10 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: Swordmaker
> However, I notice that the 512 bit key of this antique system still requires around seven hours to break. . . and that means the user would have to remain connected to the malicious website for more than seven hours for the hacker to gain access and get any information. How many of us stay on any website except perhaps FreeRepublic for more than seven hours at a time?

If they capture the packets, they can crack the key and replay the session at their leisure.

14 posted on 03/03/2015 8:13:15 PM PST by zeugma (The act of observing disturbs the observed.)