silversurfer

Level 51
Verified
Trusted
Content Creator
Malware Hunter
After more than six months of constant problems with antivirus software meddling with Firefox's configuration and certificate store only to crash HTTPS websites, Mozilla announced today a final solution for this long-pressing issue.

According to Mozilla Certificate Authority Program Manager Wayne Thayer, starting with Firefox 68, the browser will automatically enable an about:config preference that will make it less likely that antivirus software crashes an HTTPS page.

The preference is "security.enterprise_roots.enabled", which starting with Firefox 68, the browser will set to true if it detects a "Man-in-the-Middle" TLS error, which is the typical error specific to antivirus software trying (and failing) to intercept a connection to an HTTPS website.

When this setting is enabled, Firefox will automatically import all the root certificates that have been added on top of the default root certificates included with the operating system.These additional root certificates are usually the certificates installed by other applications, including antivirus software.

Because Firefox uses its own root certificate store that contains a list of "approved certificates" that is different from the list managed by the operating system, antivirus software needs to add its certificate to Firefox to be allowed to intercept HTTPS traffic carried out inside Firefox and check for malware or bad URLs.