Firefox Fixes Error that Crashed HTTPS Pages

By Swapnil Bhartiya

The issue was caused by a conflict between Firefox and antivirus software.

Mozilla has made changes to its Firefox browser that helps sysadmins fix TLS errors due to HTTPS. These errors are triggered by antivirus software that try to intercept secure connections over HTTPS.

The cause of the problem was the fact that Firefox trusts only those Certificate Authorities (CAs) that are listed in its own store, whereas antivirus software systems use their own CAs. “The antivirus products relying on other trusted CAs provided by the operating system (OS) are not allowed to intercept HTTPS connections on Firefox,” said Hacker News.

This conflict between Firefox and antivirus software lead to users experiencing crashed HTTPS pages showing errors like “SEC_ERROR_UNKNOWN_ISSUER.”

To fix the issue, Mozilla has created a mechanism to detect when a Firefox error is caused by a MITM. Users can enable the ‘enterprise roots’ preference that allows Firefox to import any root CAs that have been added to the OS by the user, an administrator, or a program that has been installed on the computer.

This option is available only on Windows and MacOS.

“It might cause some concern for Firefox to automatically trust CAs that haven’t been audited and gone through the rigorous Mozilla process. However, any user or program that has the ability to add a CA to the OS almost certainly also has the ability to add that same CA directly to the Firefox root store,” said Mozilla in a blog post.