Firefox 68 gets fix for antivirus problems caused by https websites

The upcoming version of Firefox fixes an issue where antivirus programs crash when visiting websites with a TLS connection. The problem has been going on for more than half a year, but is now being fixed via a configuration adjustment.

The fix is ​​in Firefox 68, the new version of the browser that will be released on July 9. In the new version, Firefox automatically turns on an about:config setting called security.enterprise_roots.enabled, which keeps antivirus programs running when the user visits an https website. That bug has been with various antivirus programs for more than six months, since Firefox 65.

The error was in the fact that Firefox marked certain websites with https connection as possible man-in-the-middle attacks. That’s because, unlike most other browsers, Firefox has its own list of allowed certificates. As a result, antivirus companies must update their software to include their own root certificates in that list, otherwise Firefox won’t be able to check whether encrypted https traffic is legitimate or not. If not, that traffic is automatically marked as dangerous. In some cases, this also led to virus scanners crashing completely or constantly giving error messages. This happened at AVG and Avast, among others.

The problems first arose in Firefox 65, which was released back in December. Mozilla temporarily halted the rollout of the update. Wayne Thayer, certificate authority program manager at Mozilla, says in a blog post that the company was initially working on a ‘Fix it’ button in the browser that would allow one-click addition of a root certificate to Mozilla’s own list so that the error messages no longer appear. would occur. In the end, this was abandoned and a more permanent solution was devised.