Basically, it allows someone on the same network (like, say, on Starbucks Wi-Fi) to pose as the target web site to intercept your login information. So you think you are logging in to Bank of America, for example, when you are really logging into the hacker's web page made to look like the Bank of America web site, and they now have your banking password.
Ordinarily, the SSL certificate would tell you the fake site is not legit, but this recent security flaw allows the hacker to get around that safeguard.