Mozilla adds breach alert feature to Firefox browser Watch Now

Users of Firefox 65, released by Mozilla last week, were immediately hit by 'Your connection is not secure' messages when visiting popular sites.

The issue mostly affected Firefox 65 users running AVG or Avast antivirus. The message appeared when users visited an HTTPS website and stated the 'Certificate is not trusted because the issuer is unknown' and that 'The server might not be sending the inappropriate intermediate certificates'.

The problem, reported on Mozilla's bug report page and first spotted by Techdows, is due to the HTTPS-filtering feature in Avast and AVG antivirus. Avast owns AVG. The bug prevented users from visiting any HTTPS site with Firefox 65.

To limit the impact on users, Mozilla decided to temporarily halt all automatic updates on Windows. In the meantime, Avast, which owns AVG, released a new virus engine update that completely disabled Firefox HTTPS filtering in Avast and AVG products. HTTPS filtering remains enabled on other browsers.

HTTPS filtering by antivirus vendors is a slightly controversial feature that's designed to inspect web content for malware in encrypted HTTPS traffic, but in the process it undermines the security and privacy afforded by HTTPS.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

Avast and other antivirus firms do this by removing a site's Transport Layer Security (TLS) certificate and adding their own self-generated certificate. This certificate is signed by Avast's trusted root authority and added to the root certificate store in Windows and in major browsers.

The method used is technically a man-in-the-middle (MitM) attack, which has drawn criticism from Google, Mozilla and others for creating more security risks for users.

Avast has previously argued that its MitM technique is necessary and that its method is different to a malicious MITM.

More HTTPS certificate troubles for antivirus products could be on the way in Firefox 66, which is gaining a new feature that will detect and warn users when a third-party app is conducting an MitM attack.

A new error message, 'MOZILLA_PKIX_ERROR_MITM_DETECTED', will be displayed if Firefox detects that something on the user's system or network is intercepting the connection and injecting certificates in a way that is not trusted by Firefox. Chrome already has a similar feature.

Previous and related coverage