Months ago I'd disabled SPDY in Firefox to ensure continued correct Proxo filtering. Looks like an even better decision now.
CRIME works only when both the browser and server support TLS compression or SPDY
Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox browsers are all believed to be immune to the attack, but at time of writing smartphone browsers and a myriad of other applications that rely on TLS are believed to remain vulnerable.
Representatives from Google, Mozilla, and Microsoft said their companies' browsers weren't vulnerable to CRIME attacks. Both Google and Mozilla released patches after the weaknesses were privately reported by Juliano Rizzo and Thai Duong, the researchers who devised the CRIME exploits. Internet Explorer was never vulnerable because it never supported SPDY (pronounced "speedy") or the TLS compression scheme known as Deflate.
Even when a browser is vulnerable, an HTTPS session can only be hijacked when one of those browsers is used to connect to a site that supports SPDY or TLS compression.