Mozilla revealed on Monday that the upcoming Firefox 68 will address TLS issues caused by antiviruses by automatically making changes to the browser’s configuration when a man-in-the-middle (MitM) error is detected.
The problems began in December, when Mozilla released Firefox 65. After the launch of this version, the organization started seeing a significant rise in TLS errors that are often triggered by how security software interacts with Firefox.
Security software in many cases needs to inspect the content of HTTPS connections in order to detect threats, and it does this by installing its own root certificates on the device.
Unlike other web browsers, which rely on the operating system’s root store to determine if a certificate is trusted, Firefox maintains its own list of trusted certificate authorities (CAs). This means that the developers of security solutions need to properly configure Firefox for their software to be able to analyze encrypted traffic.
Firefox is designed to warn users when a potential MitM attack is detected and antiviruses have been increasingly triggering these types of warnings, preventing users from accessing websites over HTTPS.
The problem can be addressed by enabling the “enterprise roots” preference in Firefox, which causes the browser to import any root CAs added to the OS.
Mozilla said it initially considered adding a “Fix it” button to the MitM error pages to make it easy for users to enable the “enterprise roots” option, but ultimately decided to add a mechanism that would automatically enable the option and reload the page whenever a MitM error is detected.
..Support the originator by clicking the read the rest link below.
