Firefox will soon warn users of MitM attacks

Security: Starting with version 66, Firefox will warn you when antivirus products, malware, or your ISP intercept your HTTPS traffic.

The Firefox browser will soon have a new security feature that detects and warns users when a third-party application performs a Man-in-the-Middle (MitM) attack by diverting the user's HTTPS traffic.

The new feature is expected to land in Firefox 66, the current beta of Firefox, which is expected to be released by mid-March.

The feature displays an error page when, according to a Mozilla help page, “an element of your system or network intercepts your connection and injects certificates in a way that is not approved by Firefox”.

An error message saying “MOZILLA_PKIX_ERROR_MITM_DETECTED” will be displayed whenever something like this occurs.

The most common situation where this error message may appear is when users run software on their machines, such as antivirus products or Web development tools, that replaces the TLS certificates of legitimate Web sites with its own in order to detect malware in HTTPS traffic or debug encrypted traffic.

Another common scenario is when a user is infected with malware that attempts to intercept HTTPS traffic by installing unreliable certificates.

A third scenario is when an ISP or a malicious user on the same network hijacks the user’s Internet traffic and replaces the certificates in order to spy on the user’s HTTPS traffic.

The new MitM error page aims to serve as a warning sign that something is wrong and further investigation may be needed.

This Mozilla support page contains various recommendations for each situation and explains how to configure various antivirus products. The MitM detection feature was originally supposed to be released with Firefox 65. Its release was delayed because the MitM error page needed to be more accurate to avoid false positives.

Firefox is the second browser to add a MitM error page. The first was Google Chrome, which received support for showing MitM errors in version 63, released in December 2017.
