The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic.
The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March.
The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox."
An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens.
The most common situation where this error message may appear is when users are running local software, such as antivirus products or web-dev tools that replace legitimate website TLS certificates with their own in order to scan for malware inside HTTPS traffic or to debug encrypted traffic.
Another scenario, also quite common, is when a user's computer gets infected with malware that attempts to intercept HTTPS traffic by installing untrusted certificates.
A third scenario would be when an ISP or a malicious user on the same network is also hijacking the user's internet traffic, and replacing certificates in order to spy on the user's HTTPS traffic.
The new MitM error page aims to serve as an early warning sign that something is wrong and that a deeper investigation may be needed.
This Mozilla support page comes with various recommendations for each situation and how to configure various antivirus products.
The MitM detection feature was initially scheduled to be released with Firefox 65. Its release was delayed after the MitM error page needed more fine-tuning to avoid false positives.
Firefox is the second browser to add a MitM error page. The first was Google Chrome, which received support for showing MitM errors in version 63, released in December 2017.
More browser coverage:
- Mozilla publishes official Firefox anti-tracking policy
- Google Chrome to get warnings for 'lookalike URLs'
- Google Chrome to add drive-by-download protection
- Google Chrome 72 removes HPKP, deprecates TLS 1.0 and TLS 1.1
- Firefox 65 released with AV1 and WebP support
- Chrome API update will kill a bunch of other extensions, not just ad blockers
- How to use Vivaldi Tab Sessions TechRepublic
- Brave's privacy-focused ads to spread beyond startup's own browser CNET