Author Topic: Avast 19.5.2378 changes all Certificate on Chrome/Firefox  (Read 1461 times)

0 Members and 1 Guest are viewing this topic.

Offline nikjy

  • Newbie
  • *
  • Posts: 4
Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« on: May 22, 2019, 01:08:43 PM »
I have just update my Avast product to version 19.5.2378 and it's weird when this version changes all the Certificate in Chrome and Firefox to Avast web/mail shield root, ALL THE WEBSITE EXCEPT some top website like Digicert, Cloudflare, ..!! and more, I can't connect to this website: https://www.cloudflare.com/ssl/encrypted-sni/ on Firefox but in Chrome it's fine, I have also enable secure dns and encrypt sni in Firefox, is this a webshield bug or it's a feature ?? note that in the previous version, there is no Avast web/mail shield root on any website i visited.

Images about this problem is here: https://ibb.co/vsmQ7HX
https://ibb.co/1Qh2TS1
https://ibb.co/zGx3ynB

Offline nikjy

  • Newbie
  • *
  • Posts: 4
Re: Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« Reply #1 on: June 26, 2019, 08:18:47 PM »
UPDATE: currently using version 19.6.2383 and I solve this issues by changing Web shield : ''Scan HTTPS"", hope this problem be solved
« Last Edit: June 26, 2019, 09:28:37 PM by nikjy »

Offline nikjy

  • Newbie
  • *
  • Posts: 4
Re: Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« Reply #2 on: July 09, 2019, 12:27:17 PM »
YOU GUYS DEV NEED TO DO SOMETHING, SECURITY FOR ALL

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85955
  • No support PMs thanks
Re: Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« Reply #3 on: July 09, 2019, 01:22:45 PM »
There is a whole bunch of posts about this in another topic related to this:

Quote
This 'problem' isn't evident in most of the other browsers so why are they able to function without any problems?

Because Chromium-based browsers implicitly trust the OS's root Certificate Store.

Gecko-based browsers have an additional, curated list of trusted CAs.  This allows Mozilla to easily blacklist expired/rogue/compromised certificates.

Avast used a heavy-handed (and unsupported) method of crowbarring their certificate into Mozilla-based browsers (despite advice to the contrary from Mozilla).

The quick solution for all Firefox (and forked) browsers is to set the preference
Code: [Select]
security.enterprise_roots.enabled to TRUE.  It will then implicitly trust the OS's root Certificate Store which makes Avast's hack unnecessary (tested).

Start reading from there and a little above that post for background information.

The next incarnation of Firefox should be change how this is handled to prevent users being impacted in how Avast have implemented this ManInMiddle problem.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nikjy

  • Newbie
  • *
  • Posts: 4
Re: Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« Reply #4 on: July 09, 2019, 09:54:50 PM »
alright ... JUST update to Firefox 68 and looks like it's completely solved the problem , it's weird that before i update to Firefox 68, setting the security.enterprise_roots.enabled in about:config does not work for me,  idk why, but one thing is certain, Mozilla fixed it, thanks everyone !
« Last Edit: July 09, 2019, 09:57:31 PM by nikjy »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85955
  • No support PMs thanks
Re: Avast 19.5.2378 changes all Certificate on Chrome/Firefox
« Reply #5 on: July 09, 2019, 11:49:38 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security