Firefox version 66 Coming soon with a new security feature to warn users of software performing MitM attacks

FireFoxVersion

From version 66 onwards, Firefox will let you know when antivirus products, malware or your ISP are entering your HTTP traffic.

The Firefox browser will soon come with a new security feature that will detect and warn users when a third-party app attacks by hijacking the HTTPS traffic of the user.

The new feature is expected to be released in Firefox 66, the current beta version of Firefox, which will be released officially in mid-March. The way this feature works is to display a visual error page when “something on your system or network intercepts your connection and injects certificates in a way that is not trusted by Firefox, “according to a Mozilla help page.

An error message that reads

MOZILLA_PKIX_ERROR_MITM_DETECTED

will be displayed whenever something like the above happens.

The most common situation in which this error message appears is when users run local software, such as antivirus products or web-dev tools that replace legitimate TLS certificates on the website with their own, to scan for malware in HTTPS traffic or to debug encrypted transport.

Another common scenario is when the computer of a user is infected with malware that tries to intercept HTTPS traffic by installing untrusted certificates. A third scenario would be if an ISP or malicious user on the same network hijacks the Internet traffic of the user and replaces certificates to spy on the HTTPS traffic of the user.

The new MitM error page aims to serve as an early warning sign that something is wrong and that a more thorough investigation is necessary.

This Mozilla support page offers various recommendations for each situation and how different antivirus products can be configured. The MitM detection function was originally planned for release on Firefox 65. Its release was delayed after finer tuning was required on the MitM error page to avoid false positives.

Firefox is the second browser that adds an error page for MitM. The first one was Google Chrome which was supported in December 2017 to show MitM errors in version 63.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.