In Firefox 61, Mozilla introduced a warning for MITM attacks called “MOZILLA_PKIX_ERROR_MITM_DETECTED”, which warns the user that a program is trying to initiate a man-in-the-middle SSL attack. In Firefox 65, Mozilla has explained that software, like an antivirus program, can be the cause of this error.
A man-in-the-middle (MiTM) attack means a program adds its own certificate as a certificate authority (CA) in the browser so that it can eavesdrop on, or sniff, the encrypted SSL communication between the browser and an SSL-encrypted website. This allows the program to see traffic between your browser and the site, which includes passwords, entered financial information, or any other data.
MiTM may sound scary, but it can be used for legitimate reasons, like giving antivirus programs the ability to scan encrypted traffic for malicious content, or for HTTP debugging tools like Fiddler.
There are also adware and malware programs which use the same method so that they can inject ads or steal transmitted information.
To make the error easier to understand and to let users see which certificate may be attempting to perform a MiTM attack, Firefox has changed the message used to describe a MOZILLA_PKIX_ERROR_MITM_DETECTED error.
Earlier, in Firefox 64 and below, when a certificate was used in a MiTM attack the browser would show an error stating “Warning: Potential Security Risk Ahead”, which did not provide any real information about which certificate was causing the error and so was useless for most users.
In Firefox 65, a new error message has been added that is much more informative and includes information about the certificate that was detected as performing the MiTM attack. This allows a user to check whether it belongs to a program they are intentionally using, such as antivirus software or a web debugger like Fiddler.
It is common for antivirus software to use its own certificate so it can scan SSL traffic for malicious scripts and behavior, so it is useful that Firefox now includes information about this AV feature in the error message.
When Firefox continues to display MOZILLA_PKIX_ERROR_MITM_DETECTED errors, you have a program trying to inject its own certificate so that it can eavesdrop on encrypted website traffic. The problem is that this certificate is not trusted by Firefox, so it will continue to display this error.
So, when the error is displayed while browsing, you need to find out which program is using the certificate to ensure your data is safe.
In such an event, it is better to disable SSL or HTTPS scanning and then enable it again; this will allow the antivirus software to add its certificate, listen on all SSL connections, and not generate a warning.
On the other hand, if you see a certificate which is not from an antivirus vendor, then you need to determine which program is trying to inject the certificate and terminate it. Unfortunately, if it is an adware or malware process, determining what the software is doing can be difficult, and you must perform a scan of your computer using an available antivirus.
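
The check described above, which program's certificate is signing your HTTPS traffic, can be scripted. This is an added example, not code from Mozilla or the original article: it reads certificate issuers in the format Python's `ssl.getpeercert()` returns and flags an unknown issuer that signs every site you test. The tool names in `EXPECTED_LOCAL_TOOLS`, the sample hosts and the sample issuers are constructed assumptions.

```python
import socket
import ssl

# Assumption: substrings of issuer names for interception tools you run on purpose.
EXPECTED_LOCAL_TOOLS = ("fiddler", "example av")

def issuer_name(cert):
    """Return 'commonName (organizationName)' from a getpeercert()-style dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return f"{fields.get('commonName', '?')} ({fields.get('organizationName', '?')})"

def fetch_cert(host, port=443, timeout=5):
    """Live lookup; succeeds only when the OS trust store accepts the chain."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def classify(certs_by_host):
    """Give each issuer a verdict: expected-tool, investigate or normal."""
    hosts_by_issuer = {}
    for host, cert in certs_by_host.items():
        hosts_by_issuer.setdefault(issuer_name(cert), set()).add(host)
    total = len(certs_by_host)
    verdicts = {}
    for issuer, hosts in hosts_by_issuer.items():
        if any(tool in issuer.lower() for tool in EXPECTED_LOCAL_TOOLS):
            verdicts[issuer] = "expected-tool"
        # Heuristic: one unknown issuer signing all of 3+ unrelated sites
        # points at local interception rather than a public CA.
        elif total >= 3 and len(hosts) == total:
            verdicts[issuer] = "investigate"
        else:
            verdicts[issuer] = "normal"
    return verdicts

def _cert(cn, org):
    # Constructed sample in the shape ssl returns; not a real certificate.
    return {"issuer": ((("organizationName", org),), (("commonName", cn),))}

HOSTS = ("a.example", "b.example", "c.example")  # constructed host names
SAMPLE_CLEAN = {h: _cert(f"Constructed CA {n}", "CA Org")
                for h, n in zip(HOSTS, ("One", "Two", "One"))}
SAMPLE_INTERCEPTED = {h: _cert("Unknown Local Root", "Unknown Org") for h in HOSTS}
SAMPLE_DEBUGGER = {h: _cert("Sample Fiddler Debug Root", "Constructed") for h in HOSTS}

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_INTERCEPTED, SAMPLE_DEBUGGER):
        print(classify(sample))
```

For a live check, build the input with `{h: fetch_cert(h) for h in hosts}` using sites that normally use different certificate authorities; an "investigate" verdict means the issuer should be traced to the program that installed it.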