Before you read the entire article we have a quick navigation for you, feel free to jump on respective.
Firefox has been one the most used browsers across the globe. They have been constantly working on making the browser safer place for users. One of the recent updates has focused on making its users’ aware about any MITM attacks.
Firefox 61, Mozilla introduces warning for MITM attack, called “MOZILLA_PKIX_ERROR_MITM_DETECTED” which warns the user that a program is trying to initiate a man-in-the-middle SSL attack. In Firefox 65, Mozilla has explained that software, like an antivirus program, can be the cause of this error.
A man-in-the-middle (MITM) attack means a program adds their own certificate as a certificate authority (CA) in the browser so that it can eavesdrop or sniff, the encrypted SSL communication between the browser and an SSL encrypted website. This allows the program to see traffic between your browser and the site, which includes passwords, entered financial information, or any other data.
Video Credits: CyberShaolin
MITM attack may sound scary but can be used for legitimate reasons like giving antivirus programs the ability to scan the encrypted traffic for malicious content or for HTTP debugging tools.
There are adware and malware protocols which utilize the method so that they can inject ads or steal transmitted information.
To learn more about this error CLICK HERE
To make it easier to understand and allow users to see what certificates may be attempting to perform a MiTM attack, Firefox has changed the message which is used to describe a MOZILLA_PKIX_ERROR_MITM_DETECTED error.
Earlier in Firefox 64 and below, when a certificate is used in a MITM attack the browser would show an error stating “Warning: Potential Security Risk Ahead”. which did not provide any real information regarding which certificate is causing the error, as is useless for most users.
In Firefox 65, a new error message has been added that is much more informative and includes information regarding the certificate that is found as performing the MITM attack. This will allow a user to check if it’s a program they are intentionally using such as antivirus software or a web debugger like Fiddler.
It common for antivirus software to use their own certificates so it can scan SSL traffic for malicious scripts and behavior, so is useful that Firefox now includes information about this AV feature in the error message.
When Firefox continues to display MOZILLA_PKIX_ERROR_MITM_DETECTED errors, you have a program trying to inject their own certificates so that they can eavesdrop on the encrypted web site traffic. The problem is that this certificate is not trusted by Firefox, so it will continue to display this error.
Generally third-party antivirus software can interfere with Firefox’s secure connections. We recommend uninstalling your third-party software and using the security software offered for Windows.
If you are using antivirus products then you can check this step by step guide to help you troubleshoot this error.