Alert: Firefox 65 will Warn you against Man-in-the-Middle-Attack
The Error Message “MOZILLA_PKIX_ERROR_MITM_DETECTED” has been revised to provide More Information in Mozilla Firefox 65
If you’re a regular user of the popular web browser, Mozilla Firefox, there’s a possibility you might have come across an error message called “MOZILLA_PKIX_ERROR_MITM_DETECTED,” which came along during the release of Mozilla Firefox 61.
The idea behind showing this error was to warn users about any program trying to facilitate a man-in-the-middle attack or SSL Stripping. In Firefox 65, that error will provide more detailed information regarding the error, which was lacking in previous versions.
Before we dig into this feature, lets discuss what a MITM (Man-in-the-Middle-Attack) is. Put simply, a MITM Attack occurs anytime an attacker (or even a non-malevolent party) puts itself in the middle of a connection to listen in on, edit or tamper with the original data.
On the other hand, MITM can be considered safe in specific scenarios. Many organizations, conduct MITM scenarios when they’re inspecting their traffic. Sometimes even Antivirus programs can create a MITM during the inspection of web-traffic. For avoiding these types of situations, Firefox 65 has made an update that offers more detailed information about whether a MITM is malicious or a reliable product like your installed antivirus program or even a developer tool such as Fiddler, which is used for HTTP debugging.
The Firefox 61 Error Message, “MOZILLA_PKIX_ERROR_MITM_DETECTED”:
This image above (also courtesy of Bleeping Computer) shows what the error looks like in Firefox 61n. It detected & warned the user regarding any MITM situation, but did not give any insight regarding it, which failed to help users understand whether it’s an actual attack or just the usual business of a trusted program installed on their computer.
Now, as per Firefox 65 the Error Message, “MOZILLA_PKIX_ERROR_MITM_DETECTED” will look like this:
Here’s a screenshot of the error courtesy of Bleeping Computer:
As you can see, you will be able to get a better idea as to the culprit. Here, it displays additional information like the root certificate of Fiddler (secure software used by the developer to debug HTTP) which caused the error to be shown. The main benefit of this update is that users will be able to make their own decision, as it’s quite common for specific software like this or Antivirus software to use their own certificate to scan SSL traffic to detect malicious activity or scripts.
By clicking on “Learn more…” below information is displayed:
Websites prove their identity via certificates, which are issued by certificate authorities.
Firefox is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
Error code: MOZILLA_PKIX_ERROR_MITM_DETECTED
If you ever encounter this error message “MOZILLA_PKIX_ERROR_MITM_DETECTED,” it simply means a program or attacker is trying to interfere & listen to the traffic communicated between you & the server.
How to fix Error Message “MOZILLA_PKIX_ERROR_MITM_DETECTED”
The solutions for this error are quite general, as it’s faced by small websites and large organizations as well. The simplest solution is to use a trusted certificate for any middleboxes, edge or network devices that intercept connections purposefully. In other words, it’s good to go if it’s in the list of Mozilla trust store.
On the other hand, if any regular internet user faces this error message, the reason is probably your installed Antivirus software. As per the suggestion of Mozilla, you have to disable the SSL or HTTPS scanning option and then enable it again. By doing so, your antivirus program will add its root certificate to the Mozilla trust store, meaning that in the future this error message will not be shown again, and you will also stay protected as well.
Apart from this, don’t turn off the Antivirus program or the SSL/HTTPS scanning option, as doing so could open the gate to many other online threats.
If the problem continues & your Antivirus program is not the cause, then do a thorough scan to identify what’s causing the interruption with the help of your antivirus to figure out whether it’s malware or adware, which could also be trying to add malicious content.