MOZILLA_PKIX_ERROR_MITM_DETECTED

[myrnac]

Hello:
My concern is detailed, but I do not want to start messing with my security settings, because Avast has/does serve me well, thank you! Typically, I use Chrome with no issues, whatsoever, but a project I am working on defaults to Mozilla Firefox? I used to use it as my default years ago, but its updates felt like old school dial-up (sloooow). Regardless, it was working fine (and much better), the last time using it.
Now, I cannot access general sites such, as its mozilla support page (https://support.mozilla.org.....), to find out why I cannot access Google (https://google.com), because of the "Insecure Connection" page disallowing the option of allow/exceptions. I was able to make the exception for the mozilla support url, (did not think to c&p in Chrome), and came across this link for AntiVirus Products (for multiple site blocking):

Managing HTTPS scanning in Web Shield in Avast Antivirus

This is the response from the link= https://support.avast.com/en-us/article/189/ "MOZILLA_PKIX_ERROR_MITM_DETECTED" and after hitting "Advanced"

"Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate." "HTTP Strict Transport Security: false" "HTTP Public Key Pinning: false"

Do I just not use Mozilla Firefox, because that just ignores a potential problem. Do you have a safe fix for this, assuming, I am not the only one that has come across this issue.

Thank you!

[Asyn]

- Which Avast..? (Free/Pro/IS/Premier)
- Which version..?
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?
- Which AV(s) did you use before Avast..?

[Luukjr]

Hello:
My concern is detailed, but I do not want to start messing with my security settings, because Avast has/does serve me well, thank you! Typically, I use Chrome with no issues, whatsoever, but a project I am working on defaults to Mozilla Firefox? I used to use it as my default years ago, but its updates felt like old school dial-up (sloooow). Regardless, it was working fine (and much better), the last time using it.
Now, I cannot access general sites such, as its mozilla support page (https://support.mozilla.org.....), to find out why I cannot access Google (https://google.com), because of the "Insecure Connection" page disallowing the option of allow/exceptions. I was able to make the exception for the mozilla support url, (did not think to c&p in Chrome), and came across this link for AntiVirus Products (for multiple site blocking):

Managing HTTPS scanning in Web Shield in Avast Antivirus

This is the response from the link= https://support.avast.com/en-us/article/189/ "MOZILLA_PKIX_ERROR_MITM_DETECTED" and after hitting "Advanced"

"Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate." "HTTP Strict Transport Security: false" "HTTP Public Key Pinning: false"

Do I just not use Mozilla Firefox, because that just ignores a potential problem. Do you have a safe fix for this, assuming, I am not the only one that has come across this issue.

Thank you!

Hi,

This is what mozilla.org says about it:

"In case you get this problem on multiple unrelated HTTPS-sites, it indicates that something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox. This is indicated by "MOZILLA_PKIX_ERROR_MITM_DETECTED" if Firefox is able to detect that the connection is intercepted by a proxy. The most common causes are security software scanning encrypted connections or malware listening in, replacing legitimate website certificates with their own.

Antivirus products
Generally, if your security product contains a feature to scan encrypted connections, you could try to reinstall the security product, which might trigger the software to place its certificates into the Firefox trust store again. Try the following solutions for particular security products:

Avast
In Avast security products you can disable the interception of secure connections:

Open the dashboard of your Avast application.
Go to Menu > Settings > Components and click Customize next to Web Shield.
Uncheck the box next to Enable HTTPS Scanning and confirm this by clicking OK."

[bob3160]

Following those instructions may fix the firefox conflict but, doesn't that also now allow
malware hidden in https to get to your computer since you've now prevented your AV to scan https content

[Asyn]

Following those instructions may fix the firefox conflict but, doesn't that also now allow
malware hidden in https to get to your computer since you've now prevented your AV to scan https content

Correct.

[bob3160]

Following those instructions may fix the firefox conflict but, doesn't that also now allow
malware hidden in https to get to your computer since you've now prevented your AV to scan https content

Correct.

I've reported this to the Avast since this is something that needs to be addressed.

[.: Mac :.]

Not sure they can fix other than getting Mozilla to change Firefox to trust their certificates

[Asyn]

Following those instructions may fix the firefox conflict but, doesn't that also now allow
malware hidden in https to get to your computer since you've now prevented your AV to scan https content

Correct.

I've reported this to the Avast since this is something that needs to be addressed.

Well, we'd need the specs from the OP first.

[Asyn]

Not sure they can fix other than getting Mozilla to change Firefox to trust their certificates

Firefox works for me (and most others), so this shouldn't be an issue.

[bob3160]

Following those instructions may fix the firefox conflict but, doesn't that also now allow
malware hidden in https to get to your computer since you've now prevented your AV to scan https content

Correct.

I've reported this to the Avast since this is something that needs to be addressed.

Well, we'd need the specs from the OP first.

We don't need anything. Something for Avast to address.
@ Mac,
I'm sure it's something they can work out together since millions use both products.

[Asyn]

Something for Avast to address.

Nope, see Reply #8.

[.: Mac :.]

@ Bob - agreed, Mozilla needs to add this as a trusted certificate.

[Asyn]

@ Bob - agreed, Mozilla needs to add this as a trusted certificate.

See screenshot...

[Luukjr]

It seems clear to me that Mozilla is not on the right track: https://techdows.com/2018/12/mozilla-pulls-a-post-from-its-internet-citizen-blog-after-criticism.html