News like this makes me frustrated. Out-of-the-box, Pale Moon doesn't support, for example SSL3 because it's not secure. But guess what, my bank uses it still. So I have to disable security features in my browser so that I can go on doing business. None of the browser updates in the world will help if the effect is broken websites, so people have to set up security exceptions (and security exception or policy changes have to be permitted, because otherwise users get PO'd at the browser, NOT the server). And you get into a habit of clicking "Allow" any time it asks (much like windows security prompts). Which is the same as no security at all.
Practically speaking, people don't know--or care--what sort of security websites use. It just better work. But the burden is on server admins to get it fixed, so browsers can stop supporting vulnerable technologies without making everybody angry.