Firefox will soon warn you about the Man-in-the-Middle

Firefox 65 will provide users with more information when something gets in the middle of their connection

Mozilla will now give its users more information when a Man-in-the-Middle scenario occurs with the release of Firefox 65. Previously, the browser had issued a warning when a MITM occurred, but failed to give much insight into what was happening.
That’s all about to change.
With the release of Firefox 65, users will now get more information about who may be attempting a MITM.
So today we’ll discuss this new feature, Man-in-the-Middle scenarios in general and how this may impact your organization.
Let’s hash it out.

Should we refer to Man-in-the-Middle as an attack?

If you’re a regular reader you know we talk about Man-in-the-Middle scenarios quite a bit. We’ve covered what MITM is. We’ve covered how easy it is to pull one off. Now let’s discuss whether or not it’s really accurate to refer to this as an “attack.”
And the answer is not always.
While it certainly constitutes an attack when a malicious actor gets in the middle of a connection, the Man-in-the-Middle isn’t always a bad guy. A lot of the time, especially with large companies and enterprises, it’s actually just the organization itself, either inspecting HTTPS traffic or load balancing.
There are also antivirus programs that can get in the middle of a connection to inspect encrypted traffic for anything malicious.
Of course, there are also plenty of nefarious things that can be done in a MITM scenario, too. There are the obvious risks with eavesdropping, spoofing, etc. But there are also adware programs, and even some malware, that inject content – typically ads – and compromise the integrity of whatever site you’re trying to visit.
At any rate, referring to a Man-in-the-Middle scenario categorically as an attack feels a little obtuse. It can be an attack, or it could be something completely legitimate.
That’s why Mozilla is giving its users more information.


In Firefox 61, Mozilla added a new error message: MOZILLA_PKIX_ERROR_MITM_DETECTED. It warned users when a MITM scenario was occurring, but it didn’t really provide much information beyond that.
Here’s a screenshot of the error courtesy of Bleeping Computer:

Firefox 65 will provide users with far more information on the scenario. You’ll now be able to get details from the certificate that’s facilitating the MITM. This will give Firefox users a better handle on whether the MITM is malicious, or just the product of an antivirus program or, as shown in the warning below (also courtesy of Bleeping Computer), an HTTP debugger like Fiddler.

If you choose to click “Learn More…”, you’re provided with the following:
Websites prove their identity via certificates, which are issued by certificate authorities.
Firefox is backed by the non-profit Mozilla, which administers a completely open certificate authority (CA) store. The CA store helps ensure that certificate authorities are following best practices for user security.
Firefox uses the Mozilla CA store to verify that a connection is secure, rather than certificates supplied by the user’s operating system. So, if an antivirus program or a network is intercepting a connection with a security certificate issued by a CA that is not in the Mozilla CA store, the connection is considered unsafe.
[View Certificate]

How will MOZILLA_PKIX_ERROR_MITM_DETECTED affect my organization?

This section could probably also be called, “how to fix MOZILLA_PKIX_ERROR_MITM_DETECTED,” but the advice will be a bit more general so it can be more applicable to all kinds of organizations.
And here’s the thing: as long as you use a trusted certificate on any edge devices or middleboxes that intercept connections, you’ll be fine. Mozilla is looking for certificates that don’t chain back to one of the roots in its trust store.
Now, if you’re a regular internet user and you’re getting this error, the most common culprit is going to be your antivirus program. Mozilla recommends disabling SSL or HTTPS scanning and enabling it again. That should let your antivirus program add its root to Mozilla’s trust store so that it can continue protecting you without getting flagged with MOZILLA_PKIX_ERROR_MITM_DETECTED.
Do not, under any circumstances, leave SSL or HTTPS scanning off. Also, don’t leave your antivirus program off, either. These are some of your best lines of defense against the threats on the internet, and you need them working for you.
If your problem persists, and it’s not the antivirus program, you’re going to need to find what is interrupting your connections. This is where running a full scan using said antivirus program should help identify any malware or adware that could be injecting ads or malicious content.
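The trust-store check described above can be reproduced in a local lab. This is an added example, not code from Mozilla or from the original post: it uses the openssl command line, and every CA, key, file name and hostname in it is constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab: all keys, certificates and names are generated locally and made up.
WORK=$(mktemp -d)
cat > "$WORK/o.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

# make_root NAME CN: create a self-signed root CA (NAME.key, NAME.pem)
make_root() {
    openssl req -x509 -config "$WORK/o.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_leaf NAME ROOT: issue a certificate for www.example.test signed by ROOT
make_leaf() {
    openssl req -new -config "$WORK/o.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
        -CAcreateserial -days 2 -out "$WORK/$1.pem" 2>/dev/null
}

# classify STORE CERT: print "trusted", or name the issuer that is not in STORE
classify() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "trusted"
    else
        echo "untrusted issuer: $(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')"
    fi
}

make_root public "Constructed Public Root CA"         # stands in for a root in the browser store
make_root proxy  "Constructed Interception Proxy CA"  # root of an antivirus or middlebox
make_leaf direct public                               # certificate the real site presents
make_leaf intercepted proxy                           # certificate the interceptor presents instead

classify "$WORK/public.pem" "$WORK/direct.pem"
classify "$WORK/public.pem" "$WORK/intercepted.pem"
# The fix the article describes: the interception root is added to the store.
cat "$WORK/public.pem" "$WORK/proxy.pem" > "$WORK/store.pem"
classify "$WORK/store.pem" "$WORK/intercepted.pem"
```

The issuer name printed for the rejected certificate is the same detail Firefox 65 surfaces in its warning, and it is what tells you whether the interceptor is a known product or something unexpected.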
As always, leave any comments or questions below…

