Mozilla has halted the automatic updates to Firefox 65 as users are unable to browse web sites due to certificate errors. These errors are being caused by conflicts between various antivirus program's HTTPS scanning and Firefox 65.
Firefox 65 was released this week and with it came numerous reports from users that when they visited safe web sites, they were shown an error by Firefox 65 that states Your Connection is not secure and that there is an issue with the HTTP Strict Transport Security (HSTS) of the site.
If they click on the Advanced button, Firefox will then display an error stating SEC_ERROR_UNKNOWN_ISSUER, which means that the certificate provided by the site was issued by certificate authority that is unknown to Firefox and therefore will not be trusted.
According to a Mozilla bug report, these errors are being caused by the web protection modules in antivirus software such as Avast, AVG, and Kaspersky. Path of exile bigger inventory. In order for an antivirus software to scan an encrypted SSL connection for malicious content it needs to add its own certificate to Mozilla's certificate store in order to perform a MiTM (Man-in-the-Middle) attack.
Due to this wide spread conflict, Mozilla QA Lead Ryan VanderMeulen has stated that Mozilla has halted the automatic update to Firefox 65 in Windows to avoid making the problem worse.
In response to this bug ticket, Avast network security research David Jursa stated that Firefox HTTPS filtering will be disabled by Avast & AVG products for the Firefox process in the next few hours until a proper fix can be created.
Avast has told BleepingComputer that this hotfix is currently being rolled out and will disable HTTPS scanning for the Firefox process only. Furthermore, Lukáš Rypáček of Avast has stated that normal HTTP scanning in Firefox will continue to work as normal.
'A hotfix has been issued (Virus Definition Update 190201-6) and users should no longer experience issues in Firefox 65 with encrypted or unencrypted websites. Users do not need to take any action to apply the changes. Avast Threat Labs will continue to monitor any further changes and work on full fix. All other browsers are unimpacted.'
Fixing the certificate errors in Firefox 65
If you have upgraded to Firefox 65 and are seeing errors when browsing the web that state the 'Connection is not secure', then you are most likely affected by this bug and seeing a conflict between the browser and your antivirus software.
Option 1: Disable HTTPS scanning in your antivirus software
To temporarily fix this issue, you can disable HTTPS scanning in your antivirus program. This is not the recommended solution as you will no longer be protected from malicious SSL web sites.
The instructions on how to disable HTTPS scanning is different for each program. Below are various articles that explain how to disable HTTPS scanning:
As Avast and AVG are on the process of pushing out a hotfix to disable HTTPS filtering in their products, you do not need to disable it in their program as that will cause this protection to be disabled for all browers on your computer.
It should be noted that when you disable HTTPS scanning in your antivirus software's web protection module, you are no longer protected malicious SSL sites. For this reason, we recommend the next option instead.
Options 2: Allows Firefox to use certificates from Windows certificate store
By default, Firefox 65 will use only use the certificates in their built in browser certificate store. It is possible, though, to enable the ability to also use the antivirus engine's certificate that are created in the Windows certificate store to validate other web sites certificates.
To enable Firefox to use the certificates installed as a Windows Trusted Certificate Authority, you can enable to the security.enterprise_roots.enabled option. To do this, please follow these steps:
Type about:config in the Firefox address bar and then press enter. When Firefox asks, click on the button stating that you accept the risks.
In the search field enter security.enterprise_roots.enabled and press enter.
Double-click on security.enterprise_roots.enabled so that it toggles to true as shown below.
You can now close the about:config page.
You have now enabled Firefox to use the Avast root certificate located in the Windows certificate store and you should be able to properly browse the web again.
Updated 2/1/19 1:37 PM EST:
Added statement from Avast.
H/T: Techdows.com
Related Articles:
Firefox had been my preferred browser earlier, and even now I keep on balancing between Chrome and Firefox. That said be it any browser one is expected to run into peculiar problems, and when this happens, troubleshooting is pretty tough. We need to understand that every browser has its own set of protocols and authentication checks that it applies to all the website. However, when something goes wrong, it leads to errors. “Your Connection is not secure” is one such error that will stop you from accessing the sites.
Your connection is not secure – Firefox
Usually, the URL begins with “https://” and the certificate provided by the website provides sufficient evidence that the encryption is strong enough. But this error usually crops up when the certificate validation is not completed, and the encryption is not strong enough.
The best thing would be to hit “Go Back” button and try to contact the site owner. However, you can always override the warning and access the website, but it is then that you should understand the consequences of using a vulnerable communication channel. If you intend to make some purchases its highly recommended not to use the website until the warning goes off.
Your Connection is not secure is one of the common problems on Firefox & in order to troubleshoot, we need to understand the type of connection errors like The certificate is only valid for site, SEC_ERROR_UNKNOWN_ISSUER, Corrupted certificate store, SEC_Error_Expired_Certificate, etc.
Let’s take a detailed look at the errors that usually crop up.
The certificate is only valid for (site name)
This error reflects the fact that the certificate you are currently viewing is for meant for another site. Identification error is often caused when you land from other sites but this issue should not persist when you try to visit the site directly.
Insecure Connection Firefox
SEC_ERROR_UNKNOWN_ISSUER
SEC_ERROR_UNKNOWN_ISSUER warning is actually an additional layer of security that is mostly enforced by the security software. You can resolve this issue by disabling the SSL scanning in your security software like Avast, Bitdefender, ESET, and Kaspersky.
The certificate is not trusted because it is self-signed. Peer’s Certificate issuer is not recognized.
Firefox Says Insecure Connection
Self-signed certificate might make you immune from the third party eavesdroppers but it doesn’t ensure who the recipient of the data is. However, if you are trying to access an intranet network and you get this message you may ignore it without giving it a much of a thought.
Corrupted certificate store
The Corrupted certificate file error often crops up when the file in your profile folder, the one which stores your cert8.db certificates has become corrupted. Delete this file and allow the Firefox to regenerate it.
If the site has weak encryption you will be shown an option to load the site with the updated security at the place. If the certificate of the site cannot be validated you will be given an option to load the site with an exception. Be forewarned that legitimate sites will not ask you to bypass the certificate and if they do it’s better to check if it’s a phishing attempt or a fake site altogether.
Tip in Tip: See this post if you receive This site is not secure message in Firefox, Edge, IE or Chrome.
SEC_Error_Expired_Certificate
The error text will show you your systems date and time, in case this is incorrect you can fix the problem by simply updating the same. The certificate is not trusted because the issuer certificate is unknown
This happens when the server might not actually be sending intermediate certificates and an additional root certificate might be needed for import.
If your Firefox throws up a This connection is not secure, Logins entered here could be compromised message. You may have to disable Insecure password Login prompt. See this post if Firefox couldn’t load XPCOM in Windows.
Related read: How to troubleshoot Time related errors on secure websites for Firefox.
TIP: Download this tool to quickly find & fix Windows errors automatically
Related Posts:
Last night my Firefox Browser updated, but it asked me a question about allowing the update before proceeding, which I thought was odd, but continued, as it's Firefox. So now I'm on version 52 and I keep seeing a connection error:
I need to log into my PHPMyAdmin on Localhost but see this message first. How do I fix it?
Steve GeeSteve Gee
2 Answers
This is a security feature in new versions of Firefox.
There is actually no error, this just warns you that the login information will be sent over a non-encrypted channel.
You can ignore this warning and logon nevertheless. This is okay, when working with logins on your own computer or when working with logins in your own private local network.
When the login form is on a server in the internet or some other public or workplace network, make sure to enable and use https for the site so that login information is not sent without encryption.
You can disable this feature in Firefox the following way (NOT advised!):
Enter about:config into the address field.
Conform the warning that you want to change settings
Enter security.insecure_field_warning.contextual.enabled into the Search field
Double click the shown entry security.insecure_field_warning.contextual.enabled to set it to false.
this is the solution for your connection is not secure or insecure connection
it is very easy to fix this problemIn CONTROL PANEL choose WINDOWS FIREWALL and click on ALLOW AN APP OR FEATURE THROUGH WINDOWS FIREWALL click on CHANGE SETTINGS now find the browser which you used i.e. firefox google chrome and tick both side PUBLIC or PRIVATE then OK
now your problem is gone
princeprince
Not the answer you're looking for? Browse other questions tagged securityfirefoxbrowserconnection or ask your own question.