Firefox released version 65 just a few days ago, and alongside it also made available Firefox 66 in beta for Web and Android users. Now, in its weekly blog highlighting the work in progress, the company confirms that it will introduce a new security feature that will warn users if a Man-in-the-middle (MitM) attack is being performed by any third-party app by using their HTTPS traffic. Mozilla notes that this MitM error page will be turned on by default with Firefox 66 set to release in mid-March.
The MitM error page will be turned on by default with Firefox 66, and it will show you a message that should read “MOZILLA_PKIX_ERROR_MITM_DETECTED”. This message will show up when something on your device is intercepting your network and injecting certificates in a way that is not trusted by Firefox. In such cases, Firefox 66 will show the MitM error message in the browser.
ZDNet notes that this error message may appear if a users’ system is infected with malware, and untrusted certificates are installed to intercept HTTPS traffic. This page may also show up if a hacker on the same network is trying to get into the users’ internet traffic and replace certificates for spying purposes.
There’s also a scenario where the error page will pop-up if antivirus software or Web developer tools that replace legitimate website TLS certificates with their own in order to scan for malware inside HTTPS traffic or to debug encrypted traffic is identified. This MitM error warning will make the user aware about any of these scenarios, and compel them to the necessary measures, and investigate deeper. Mozilla also has a dedicated support page that gives out advice on what needs to be done in each of the above mentioned scenarios.
For those unaware, Firefox 65 was rolled out just this week, and it brought along a new interface that allows for easy access of the Content Blocking section.