
Firefox will soon warn you about the Man-in-the-Middle


Firefox 65 will provide users with more information when something gets in the middle of their connection

Mozilla will now give its users more information when a Man-in-the-Middle scenario occurs with the release of Firefox 65. Previously, the browser had issued a warning when a MITM occurred, but failed to give much insight into what was happening.
That’s all about to change.
With the release of Firefox 65, users will now get more information about who may be attempting a MITM.
So today we’ll discuss this new feature, Man-in-the-Middle scenarios in general and how this may impact your organization.
Let’s hash it out.

Should we refer to Man-in-the-Middle as an attack?

If you’re a regular reader you know we talk about Man-in-the-Middle scenarios quite a bit. We’ve covered what MITM is. We’ve covered how easy it is to pull one off. Now let’s discuss whether or not it’s really accurate to refer to this as an “attack.”
And the answer is not always.
While it certainly constitutes an attack when a malicious actor gets in the middle of a connection—the Man-in-the-Middle isn’t always a bad guy. A lot of times, especially with large companies and enterprises, it’s actually just that organization itself, either inspecting HTTPS traffic or load balancing.
There are also antivirus programs that can get in the middle of a connection to inspect encrypted traffic for anything malicious.
Of course, there are also plenty of nefarious things that can be done in a MITM scenario, too. There are the obvious risks with eavesdropping, spoofing, etc. But there are also adware programs, and even some malware, that inject content – typically ads – and compromise the integrity of whatever site you’re trying to visit.
At any rate, referring to a Man-in-the-Middle scenario categorically as an attack feels a little obtuse. It can be an attack, or it could be something completely legitimate.
That’s why Mozilla is giving its users more information.


In Firefox 61, Mozilla added a new error message: MOZILLA_PKIX_ERROR_MITM_DETECTED. It warned users when a MITM scenario was occurring, but it didn’t really provide much information beyond that.
Here’s a screenshot of the error courtesy of Bleeping Computer:

Firefox 65 will provide users with far more information on the scenario. You’ll now be able to get details from the certificate that’s facilitating the MITM. This will give Firefox users a better handle on whether the MITM is malicious, or just the product of an antivirus program or, as shown in the warning below (also courtesy of Bleeping Computer), an HTTP debugger like Fiddler.

If you choose to click “Learn More…”, you’re provided with the following:
Websites prove their identity via certificates, which are issued by certificate authorities.
Firefox is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
[View Certificate]

How will MOZILLA_PKIX_ERROR_MITM_DETECTED affect my organization?

This section could probably also be called, “how to fix MOZILLA_PKIX_ERROR_MITM_DETECTED,” but the advice will be a bit more general so it can be more applicable to all kinds of organizations.
And here’s the thing: as long as you use a trusted certificate on any edge devices or middle boxes that intercept connections, you’ll be fine. Mozilla is looking for certificates that don’t chain back to one of the roots in its trust store.
Now, if you’re a regular internet user and you’re getting this error, the most common culprit is going to be your antivirus program. Mozilla recommends disabling SSL or HTTPS scanning and enabling it again. That should let your antivirus program add its root to Mozilla’s trust store so that it can continue protecting you without getting flagged with MOZILLA_PKIX_ERROR_MITM_DETECTED.
Do not, under any circumstances, leave SSL or HTTPS scanning off. Also, don’t leave your antivirus program off, either. These are some of your best lines of defense against the threats on the internet, and you need them working for you.
If your problem persists, and it’s not the antivirus program, you’re going to need to find what is interrupting your connections. This is where running a full scan using said antivirus program should help identify any malware or adware that could be injecting ads or malicious content.
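The check this section describes, where an intercepting certificate is accepted only once its issuing root is in the trust store, can be reproduced offline with `openssl`. This is an added example, not code from Mozilla or the original post; both roots, the `example.test` name and the helper function names are constructed for illustration, and it models only the chain-to-store check, not Firefox's own detection logic.

```bash
#!/bin/sh
# Added example. Both roots are constructed locally: "trusted" stands in for a
# root already in the browser's CA store, "proxy" for an AV or middlebox root.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME CN: self-signed root key and certificate under $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf NAME CA: certificate for example.test signed by root CA.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -out "$WORK/$1.pem" 2>/dev/null
}

# chains_to_store LEAF STORE: exit 0 only if LEAF validates against STORE.
chains_to_store() {
  openssl verify -CAfile "$WORK/$2" "$WORK/$1.pem" >/dev/null 2>&1
}

# issuer_of LEAF: issuer DN, the detail that identifies who is in the middle.
issuer_of() {
  openssl x509 -in "$WORK/$1.pem" -noout -issuer -nameopt RFC2253 |
    sed 's/^issuer= *//'
}

# triage LEAF STORE: one-line verdict for a presented certificate.
triage() {
  if chains_to_store "$1" "$2"; then echo "chains to store"
  else echo "unknown issuer: $(issuer_of "$1")"; fi
}

make_ca trusted "Constructed Trusted Root"
make_ca proxy "Constructed Interception Root"
issue_leaf direct trusted         # what the real site would present
issue_leaf intercepted proxy      # what the middlebox presents instead
cp "$WORK/trusted.pem" "$WORK/store.pem"                            # store as shipped
cat "$WORK/trusted.pem" "$WORK/proxy.pem" > "$WORK/store_plus.pem"  # root imported

triage direct store.pem            # chains to store
triage intercepted store.pem       # unknown issuer: CN=Constructed Interception Root
triage intercepted store_plus.pem  # chains to store
```

The issuer name printed for the failing case is the same field the Firefox 65 warning surfaces, and it is what tells you whether the interceptor is your own antivirus or proxy or something you did not install.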
As always, leave any comments or questions below…

