silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,154
After more than six months of constant problems with antivirus software meddling with Firefox's configuration and certificate store only to crash HTTPS websites, Mozilla announced today a final solution for this long-pressing issue.
According to Mozilla Certificate Authority Program Manager Wayne Thayer, starting with Firefox 68, the browser will automatically enable an about:config preference that will make it less likely that antivirus software crashes an HTTPS page.
The preference is "security.enterprise_roots.enabled", which starting with Firefox 68, the browser will set to true if it detects a "Man-in-the-Middle" TLS error, which is the typical error specific to antivirus software trying (and failing) to intercept a connection to an HTTPS website.
When this setting is enabled, Firefox will automatically import all the root certificates that have been added on top of the default root certificates included with the operating system.These additional root certificates are usually the certificates installed by other applications, including antivirus software.
Because Firefox uses its own root certificate store that contains a list of "approved certificates" that is different from the list managed by the operating system, antivirus software needs to add its certificate to Firefox to be allowed to intercept HTTPS traffic carried out inside Firefox and check for malware or bad URLs.
Firefox finally fixes the problems with antivirus apps crashing HTTPS websites
Fix planned for next week, with the release of Firefox 68.
www.zdnet.com
Fixing Antivirus Errors – Mozilla Security Blog
After the release of Firefox 65 in December, we detected a significant increase in a certain type of TLS error that is often triggered by the interaction of antivirus software ...
blog.mozilla.org