Firefox 66 alerts users to MitM attacks

Mozilla adds a new security feature to Firefox. If the browser detects a third-party app that performs Man-in-the-Middle (MitM) attacks, it warns the user accordingly. The new feature will probably be available from Firefox 66 and is scheduled for release in the course of March.

The MitM function is currently available in the trial version of Firefox 66. The function shows the user a visual error page if there is something in your system or network that intercepts your connection and adds certificates in a way not trusted by Firefox. An error message with the text MOZILLA_PKIX_ERROR_MITM_DETECTD is also displayed.

Common situations

The most common situation where this error message is displayed is when users run local software. Think of an antivirus product, or a web-dev tool, that replaces legitimate TLS certificates of websites with their own certificates in order to search for malware that is hidden in the https traffic.

Another common scenario is when a user’s computer gets infected with malware that tries to intercept https traffic by installing unfamiliar certificates. A third scenario where this is common is when an ISP or a user on the same network intercepts the user’s traffic and replaces the certificates to record the user’s https traffic.

Mozilla’s new warning page is only an early indication of problems. So it doesn’t mean that Mozilla Firefox solves the problem, but it is an indication that it might be a good idea to find out what might be wrong on your system. The Mozilla site has a support page that explains how to deal with such situations and how to configure different antivirus products.

The MitM-function should have been released with Firefox 65, but it was postponed when it appeared that the page was sometimes shown incorrectly.