Mozilla will start warning Firefox users about man-in-the-middle attacks on encrypted connections in the next version of the browser. The browser developer announced the upcoming feature in its “These weeks in Firefox” blog post series. The man-in-the-middle warning will only show when users visit an HTTPS website with Firefox and other software on their system intercepts the connection.
Many antivirus applications use a man-in-the-middle technique to inspect encrypted connections, which lets the antivirus software block malicious content before it can do harm in the browser. To make this possible, antivirus vendors install their own root certificate on the machine, so that the certificates they mint on the fly for each visited site are accepted. The same technique can be used by attackers to eavesdrop on the connection and by adware to inject advertisements into HTTPS websites.
Firefox users will now be warned if software on their system uses a man-in-the-middle technique to inspect or modify encrypted traffic. They will see a certificate error page with the code “MOZILLA_PKIX_ERROR_MITM_DETECTED.”
The warning means that the certificate presented for the site was not issued by a certificate authority that Firefox trusts, so the browser rejects it by default. Alongside the warning, users can leave the page or add an exception for the certificate. For users who want to keep using their antivirus product as configured, adding the exception is the only way to reach the page.
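The two preceding paragraphs describe the mechanism behind the warning: an interception product installs its own root, mints a certificate for whatever site the user visits, and the browser rejects that certificate because its issuer is not in the browser's own root store. The following shell script, added here as an example and not code from Mozilla or any antivirus vendor, reproduces that situation with openssl. It builds a root that stands in for the browser's bundled CA list, a second root playing the antivirus interception root, and a leaf for www.example.com signed by the interception root; it then checks the leaf against the browser-only store (rejected, the case Firefox flags) and against the store with the interception root added (accepted, which is what a certificate exception amounts to). All names (Example Public Root CA, Example AV Interception Root, www.example.com) are constructed for the demo, and it needs openssl 1.1.1 or newer for `-addext`.

```shell
#!/bin/sh
# Added example (not Mozilla's code): reproduce, with openssl, the situation the
# warning is about. An "antivirus" root signs a forged certificate for a site; that
# chain fails against a store holding only the browser's own roots and passes once
# the interception root is added, which is what a certificate exception does.
# All names (Example Public Root CA, Example AV Interception Root, www.example.com)
# are constructed for the demo. Needs openssl 1.1.1 or newer (for -addext).
set -eu

# mitm_demo_setup: generate the certificate material in a temp dir, print the dir.
mitm_demo_setup() {
  dir=$(mktemp -d)
  # Minimal req config so the demo does not depend on the system openssl.cnf.
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
EOF
  # A root standing in for the browser's bundled CA list (Firefox ships its own store).
  openssl req -config "$dir/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Public Root CA" \
    -addext "basicConstraints=critical,CA:TRUE" \
    -addext "keyUsage=critical,keyCertSign,cRLSign" \
    -keyout "$dir/public-root.key" -out "$dir/browser-roots.pem" >/dev/null 2>&1
  # The interception root an antivirus suite installs on the machine.
  openssl req -config "$dir/req.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example AV Interception Root" \
    -addext "basicConstraints=critical,CA:TRUE" \
    -addext "keyUsage=critical,keyCertSign,cRLSign" \
    -keyout "$dir/av-root.key" -out "$dir/av-root.pem" >/dev/null 2>&1
  # The leaf the interceptor mints for the site the user visits, signed by its root.
  openssl req -config "$dir/req.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.com" \
    -keyout "$dir/site.key" -out "$dir/site.csr" >/dev/null 2>&1
  printf 'subjectAltName=DNS:www.example.com\n' > "$dir/san.ext"
  openssl x509 -req -in "$dir/site.csr" -CA "$dir/av-root.pem" -CAkey "$dir/av-root.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/site.pem" >/dev/null 2>&1
  # What "add an exception" amounts to: the interception root joins the trusted set.
  cat "$dir/browser-roots.pem" "$dir/av-root.pem" > "$dir/browser-with-exception.pem"
  printf '%s\n' "$dir"
}

# chain_trusted STORE LEAF: exit 0 if LEAF chains to a root in STORE, non-zero otherwise.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# leaf_issuer LEAF: print the issuer name on the certificate the browser received.
leaf_issuer() {
  openssl x509 -in "$1" -noout -issuer
}

demo_dir=$(mitm_demo_setup)
echo "Certificate for www.example.com was issued by: $(leaf_issuer "$demo_dir/site.pem")"
if chain_trusted "$demo_dir/browser-roots.pem" "$demo_dir/site.pem"; then
  echo "Browser root store alone: trusted"
else
  echo "Browser root store alone: unknown issuer (the case Firefox 66 flags as MITM)"
fi
if chain_trusted "$demo_dir/browser-with-exception.pem" "$demo_dir/site.pem"; then
  echo "With the interception root added as an exception: trusted"
fi
rm -rf "$demo_dir"
```

The `browser-roots.pem` file plays the role of Firefox's own certificate store, which is separate from the operating system's; an interception product has to get its root into the store the browser actually consults, and until that happens every intercepted site chains to an issuer the browser has never heard of.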
However, Mozilla advises users not to use any antivirus software or internet security suite that intercepts encrypted connections. The browser developer recommends removing such applications and switching to Microsoft's security software, such as Microsoft Security Essentials or Windows Defender, which ships by default with Windows 8.1 and Windows 10. Users who don't want to switch can instead turn off the interception of encrypted traffic; Mozilla provides instructions for several antivirus applications on its website.
The man-in-the-middle warning will appear from Firefox 66, which is scheduled for release in mid-March.
Firefox is not the first browser to warn about man-in-the-middle situations: Google Chrome has done so since version 63.