Alfred's New Ramblings

Heartbleed bug in OpenSSL

OpenSSL has a bug: the bounds checking for one of the variables was incomplete.  The bug is in the heartbeat feature, which checks whether the other end of a connection is still there.  This XKCD comic is a very popular way of explaining how it works.

Heartbleed bug explained by XKCD comic
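As an added illustration of the incomplete bounds check the post describes (this is example code, not OpenSSL's own): a minimal model of a TLS heartbeat record parser using the message layout from RFC 6520, with the comparison between the declared payload length and the bytes actually received that the vulnerable code omitted. The sample request bytes are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR 3       /* 1 byte type + 2 byte payload_length */
#define HB_PADDING 16  /* RFC 6520: at least 16 bytes of padding follow the payload */

/* Payload length as declared in the message header: the value the buggy
 * code trusted without comparing it to the bytes actually received. */
static size_t hb_declared_len(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR) return 0;
    return ((size_t)rec[1] << 8) | rec[2];
}

/* The missing bounds check: header + declared payload + padding must fit
 * inside the received record. Returns 1 if the record is well-formed. */
int hb_record_is_valid(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR + HB_PADDING) return 0;
    return HB_HDR + hb_declared_len(rec, rec_len) + HB_PADDING <= rec_len;
}

/* Builds a heartbeat_response echoing only a validated payload.
 * Returns bytes written, or 0 if the request is rejected. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (!hb_record_is_valid(rec, rec_len)) return 0;
    size_t payload = hb_declared_len(rec, rec_len);
    size_t total = HB_HDR + payload + HB_PADDING;
    if (total > out_cap) return 0;
    out[0] = 2;                          /* HeartbeatMessageType: response */
    out[1] = rec[1]; out[2] = rec[2];    /* same payload_length as the request */
    memcpy(out + HB_HDR, rec + HB_HDR, payload);    /* only bytes the peer actually sent */
    memset(out + HB_HDR + payload, 0, HB_PADDING);  /* padding (random in real stacks) */
    return total;
}

/* Constructed sample request: type 1, payload_length 5, "hello", 16 zero padding bytes. */
static const uint8_t SAMPLE_REQ[HB_HDR + 5 + HB_PADDING] = {
    1, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'
};

int main(void) {
    uint8_t out[64];
    uint8_t bad[sizeof SAMPLE_REQ];
    memcpy(bad, SAMPLE_REQ, sizeof bad);
    bad[1] = 0xFF; bad[2] = 0xFF;        /* same 24 bytes, but claims a 65535-byte payload */
    printf("honest request -> %zu byte response\n", hb_build_response(SAMPLE_REQ, sizeof SAMPLE_REQ, out, sizeof out));
    printf("oversized claim -> %zu (rejected)\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the check in hb_record_is_valid, the memcpy would copy the declared 65535 bytes starting at an 8-byte payload, which is the over-read the comic depicts.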

What it gives out, unfortunately, is everything: server private keys and other users' sessions, all without being logged!

So now the admins of websites that use OpenSSL are busy patching their servers and regenerating private keys.  If anyone has a copy of a server's private key, they can decrypt any stored SSL traffic to that server.  This has led some observers to call for serious discussion about implementing Perfect Forward Secrecy, which of course comes with additional encryption overhead.

Soon you will need a browser plug-in or extension to detect the Heartbleed bug on the websites you access.  There is one for Firefox and Chrome: link

Awareness website
