As a proof-of-concept exploit, the researchers managed to sign a message with the private key of the facebook.com HTTPS certificate.