Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jose.gimenez.47 on January 29, 2019, 06:26:21 PM
-
Apparently updating firefox to version 65 causes connection not secure everywhere. If I disable shield control there is no problem. I don´t know if is a problem with Firefox or Avast.
Thanks.
-
Apparently updating firefox to version 65 causes connection not secure everywhere. If I disable shield control there is no problem. I don´t know if is a problem with Firefox or Avast.
Thanks.
Same issue here. I'm pretty certain disabling https scanning would end it but I'm not going there.
-
I think that we are going to be seeing more of this.
See https://forum.avast.com/index.php?topic=9671.msg1492179#msg1492179 which refers to:
Firefox 65 to show ‘Mozilla_PKIX_ERROR_ MITM_Detected’ when AV interferes with SSL connections
There is also a link for further information, I haven't installed FF 65 yet and will be waiting.
-
Apparently updating firefox to version 65 causes connection not secure everywhere. If I disable shield control there is no problem. I don´t know if is a problem with Firefox or Avast.
Thanks.
No problem here with Firefox 65 (x64) and Avast Free 19.1.2360 running on Windows 10 (x64).
-
I think that we are going to be seeing more of this.
Just an observation (but may be pertinent). The last time this flurry of reports happened was when Avast went to version 14: the problem was that the Avast certificate changed and a re-import of the certificate was the solution.
At that time the Avast cert was set to expire in 2024. I just checked, and the current cert is set to expire in 2040, so it looks like it has changed again.
NOTE: in either case below, you must export the certificate from the latest Avast you are using.
So, as a first step, see if this helps https://support.avast.com/en-eu/article/Troubleshoot-invalid-email-certificate (https://support.avast.com/en-eu/article/Troubleshoot-invalid-email-certificate).
If not this may help (the reply was for Thunderbird, but applies equally for Firefox): https://forum.avast.com/index.php?topic=224844.msg1492272#msg1492272 (https://forum.avast.com/index.php?topic=224844.msg1492272#msg1492272).
-
I did this :
https://www.youtube.com/watch?v=lFMu0UVgM24
-
That would have been my next suggestion if https://forum.avast.com/index.php?topic=224844.msg1492272#msg1492272 (https://forum.avast.com/index.php?topic=224844.msg1492272#msg1492272) doesn't work ;)
-
I personally am not seeing this issue with latest FF
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
-
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
It was probably an individual issue then, what got fixed yesterday when i reinstalled Firefox and clean installed Avast.
-
I did what abruptum did: https://www.youtube.com/watch?v=lFMu0UVgM24 and fixed the problem, but I´m concerned on security issues.
Is doing that all right?.
Thanks.
-
I did what abruptum did: https://www.youtube.com/watch?v=lFMu0UVgM24 and fixed the problem, but I´m concerned on security issues.
Is doing that all right?.
Thanks.
I'm curious about that as well.
-
I did what abruptum did: https://www.youtube.com/watch?v=lFMu0UVgM24 and fixed the problem, but I´m concerned on security issues.
Is doing that all right?.
Thanks.
I am not an expert, but I think by enabling that preference in about:config, you are "telling" Firefox to use system certificates like other browsers like IE,Chrome etc.
-
If you write down and save your setting changes as you make them, you should be able to revert.
Having said that, I looked and found security.roots here was set to false. Do not need to change. No certificate errors.
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
I have just updated to FF65 on my win10 system with avast free 19.1.2360 and whilst I don't any error as outlined in Reply #2
But the detailed information shows the use of TLS 1.2, I thought things were moving on to TLS 1.3.
-
Funny thing was, that it did not start immediately after the update, but after a while.
I tried a lot of pages and they all fail, like amazon.de, ebay.de, google.de (I am German as you see ;-))
My wife did some banking in the morning. I came to the running computer and used an open Firefox session.
I WAS on amazon.de. But then, following a link to a product, I got this "This page is not secure" or whatsoever message. From then on all pages failed without exception.
Had to switch off the Web Shield (?), "Web-Schutz" in German to get here...
-
Funny thing was, that it did not start immediately after the update, but after a while.
I tried a lot of pages and they all fail, like amazon.de, ebay.de, google.de (I am German as you see ;-))
My wife did some banking in the morning. I came to the running computer and used an open Firefox session.
I WAS on amazon.de. But then, following a link to a product, I got this "This page is not secure" or whatsoever message. From then on all pages failed without exception.
Had to switch off the Web Shield (?), "Web-Schutz" in German to get here...
-> https://forum.avast.com/index.php?topic=224892.0
-
Ugh, this just happened to me.
Everything was working fine and then I restarted Firefox to update it and boom, not secured everywhere.
I toggled the root option in about:config and it did work properly after that, but it seems like from reading up on it this is another issue with Avast and Firefox talking to each other given the webshield thing is also a way to get it working? But it's also somehow only happening to certain unlucky people???
All I want to know is that Avast are aware of this and in contact with Firefox, to the point of something happening about it hah :/
Until then what is the best and safest course of action to deal with this thing, toggling the setting? Turning off web shield seems worse? Any help appreciated :)
Fully hoping to wake up to a solution, it's late here.
-
Today's update to Firefox 65 blocking all websites on one machine. Yesterday's update on this machine, so far, so good.
I looked at some of the fixes and think I will wait until Avast and Mozilla figure this out. Pays to wait to upgrade.
-
Hi guys, a clean! reinstall of Avast should fix the issue.
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
I have just updated to FF65 on my win10 system with avast free 19.1.2360 and whilst I don't any error as outlined in Reply #2
But the detailed information shows the use of TLS 1.2, I thought things were moving on to TLS 1.3.
Confirmed: TLS 1.2 depreciated from TLS 1.3 setting here a couple of months ago in about:config, manually changed.
-
Just used the Avast cleanup tool and did a Safe Mode clean install and seems to be OK.
However, I have to say the hassle of a clean install is really unacceptable.
-
1. Just used the Avast cleanup tool and did a Safe Mode clean install and seems to be OK.
2. However, I have to say the hassle of a clean install is really unacceptable.
1. OK, thanks for the feedback.
2. Agreed, but it seems only few users run into this, so it's no general problem.
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
I have just updated to FF65 on my win10 system with avast free 19.1.2360 and whilst I don't any error as outlined in Reply #2
But the detailed information shows the use of TLS 1.2, I thought things were moving on to TLS 1.3.
Confirmed: TLS 1.2 depreciated from TLS 1.3 setting here a couple of months ago in about:config, manually changed.
I don't see anything in about:config (search on TLS) specifically relating to a depreciation to TLS 1.2 (or actually stating the version).
-
I just posted in mozilla.support.firefox about the two programs not playing "nice" anymore (it happened to me this AM). I ask for feedback on which kludge is more secure (1) turning off the Avast web shield or (2) changing the value from "false" to "true" on the FF 65 setting: security.enterprise_roots.enabled Awaiting what I suspect will be an "interesting" bunch of responses!
-
I just posted in mozilla.support.firefox about the two programs not playing "nice" anymore (it happened to me this AM). I ask for feedback on which kludge is more secure (1) turning off the Avast web shield or (2) changing the value from "false" to "true" on the FF 65 setting: security.enterprise_roots.enabled Awaiting what I suspect will be an "interesting" bunch of responses!
None, both are workarounds. See Reply #20.
-
@ pdkent2002
I think this won't just be impacting Avast/Firefox 65 users, but other AV that attempt to scan https content in firefox 65 for viruses
-
Hello,
I solved the problem on my computer of "SEC_ERROR_UNKNOWN_ISSUER" and "MOZILLA_PKIX_ERROR_MITM_DETECTED" that appeared after the update of FIREFOX 65.
And leaving the web agent enabled.
I'm going to Firefox Settings.
- Settings
- Privacy and security
- Certificates
- View certificates
- 'Authorities' tab
- Selects the certificate "Avast Web/Mail Shield"
- Change the trust
- Select "This certificate can identify websites" and valid.
And normally it's good. I translated the names of the options from my French version so the names may not be exact.
Best Regards,
-
I personally am not seeing this issue with latest FF
Same, although when I go to see site security, it now says it's verified by Avast. And it's like this in every site, it certainly was not like this before
Confirmed no issue. Not aware that Avast ever stopped verification, but avast forum shows DigiCert, Inc as secure certificate
I have just updated to FF65 on my win10 system with avast free 19.1.2360 and whilst I don't any error as outlined in Reply #2
But the detailed information shows the use of TLS 1.2, I thought things were moving on to TLS 1.3.
Confirmed: TLS 1.2 depreciated from TLS 1.3 setting here a couple of months ago in about:config, manually changed.
I don't see anything in about:config (search on TLS) specifically relating to a depreciation to TLS 1.2 (or actually stating the version).
A Little Troubleshooting:
- I googled TLS settings in Firefox and wound up at a site featuring FF version 49.0!
- See 1st pic below for TLS 1.2 settings
- To move TLS min setting to TLS 1.3 requires Integer value to be changed to (4)
- See 2nd pic below for TLS 1.3 loaded
- Pics 3 and 4 show resulting Secure Connection errors on some sites and include default way of fixing these errors in browser window
- Resetting via 'Restore Default Settings' button fixes the error and resets TLS min value to 3
You should now be able to access web sites as normal.
TLS min has to be set at value 3.
-
There is seemingly a much easier fix for this problem than clean reinstalling Avast, as per Firefox reddit...
Your certificate file might be corrupted - just throw it in the bin and FF will rebuild it. You can find it in your Profile folder: *\Data\profile\cert8.db
To easily find your profile folder: open the menu at the top right corner,
click on the question-mark at the bottom,
click on "Troubleshooting Information",
at the first table you see click on the button that says "Show Folder".
As also commented by another user the cert8.db might be a different number, as mine was cert9.db.
It was as simple as sending it to the bin and reloading Firefox, hope this helps guys :)
*edit*
Forgot the link..
https://www.reddit.com/r/firefox/comments/albqm4/firefox_updated_to_version_65_and_now_all_i_get/
-
There is seemingly a much easier fix for this problem than clean reinstalling Avast, as per Firefox reddit...
Your certificate file might be corrupted - just throw it in the bin and FF will rebuild it. You can find it in your Profile folder: *\Data\profile\cert8.db
To easily find your profile folder: open the menu at the top right corner,
click on the question-mark at the bottom,
click on "Troubleshooting Information",
at the first table you see click on the button that says "Show Folder".
As also commented by another user the cert8.db might be a different number, as mine was cert9.db.
It was as simple as sending it to the bin and reloading Firefox, hope this helps guys :)
*edit*
Forgot the link..
https://www.reddit.com/r/firefox/comments/albqm4/firefox_updated_to_version_65_and_now_all_i_get/
This worked for me. I had both cert8.db and cert9.db
Thanks.
-
Deleting the certs didn't work for me, nor did reinstalling Firefox or Avast; it only works by disabling HTTPS scanning which clearly isn't ideal.
-
The workaroung switching security.enterprise_roots.enabled from false to true has 1 big disadvantage:
If you are using a master-password it will ask you then everytime you start Firefox to enter it.
Not only when a password is needed or saved/updated. Always! That's really annoying.
-
Could you
1. go to about:preferences#privacy (http://about:preferences#privacy) (either by typing/clicking in the link it or through menu Options and
2. click on Privacy & Security
3. scroll down to Certificates
4. click on View Certificates.
5. Select Avast Web/Mail Shield Root - Software Security Device
6. click Edit Trust.
The checkbox This certificate can identify websites should be checked. If not, please do so.
Does it help?
(we are working on a fix, but it would help us to confirm that this workaround worked for the case when Firefox shows 'Your connection is not secure')
-
Could you
1. go to about:preferences#privacy (http://about:preferences#privacy) (either by typing/clicking in the link it or through menu Options and
2. click on Privacy & Security
3. scroll down to Certificates
4. click on View Certificates.
5. Select Avast Web/Mail Shield Root - Software Security Device
6. click Edit Trust.
The checkbox This certificate can identify websites should be checked. If not, please do so.
Does it help?
(we are working on a fix, but it would help us to confirm that this workaround worked for the case when Firefox shows 'Your connection is not secure')
Sadly mine was already checked so there was nothing to do there.
Also, my partner has Bitdefender 2019 and the same error is happening with Firefox on that computer too (only working when you deactivate the HTTPS equivalent or change the Firefox setting). It looks like Mozilla really jumped the gun with this update.
I reverted my original workaround because I don't think it's safe to have no HTTP scanning, and changed the Firefox setting instead, although I echo the other user that it asking for the Master Password each run is annoying. I just wish I could use the quick-fixes that seem to work for many others! But no dice, for whatever reason.
-
This article will interest all posters in this topic, I think https://www.ghacks.net/2019/02/01/mozilla-halts-firefox-65-distribution-on-windows/ (https://www.ghacks.net/2019/02/01/mozilla-halts-firefox-65-distribution-on-windows/)
-
We have released the hotfix in Virus Definition Update 190201-6. It is applied automatically, no need to reboot the computer.
Please let us know if it helped.
Thanks. Pavel
-
We have released the hotfix in Virus Definition Update 190201-6. It is applied automatically, no need to reboot the computer.
Please let us know if it helped.
Thanks. Pavel
Https scanning doesn't work anymore, not sure if that's intentional. Everything was actually working fine for me before that fix was released.
-
Firefox 65, reverted security enterprise roots enabled to false (default) and is working fine.
Thanks.