The Firefox browser will soon come with a new security feature that will detect and warn users when a third-party app attacks by hijacking the HTTPS traffic of the user. The new feature is expected to be released in Firefox 66, the current beta version of Firefox, which will be released officially in mid-March. The way this feature works is to display a visual error page when “something on your system or network intercepts your connection and injects certificates in a way that is not trusted by Firefox, “according to a Mozilla help page. The most common situation in which this error message appears is when users run local software, such as antivirus products or web-dev tools that replace legitimate TLS certificates on the website with their own, to scan for malware in HTTPS traffic or to debug encrypted transport. “MOZILLA_PKIX_ERROR_MITM_DETECTED” will be displayed whenever something like the above happens. Another common scenario is when the computer of a user is infected with malware that tries to intercept HTTPS traffic by installing untrusted certificates. A third scenario would be if an ISP or malicious user on the same network hijacks the Internet traffic of the user and replaces certificates to spy on the HTTPS traffic of the user. The new MitM error page aims to serve as an early warning sign that something is wrong and that a more thorough investigation is necessary. This Mozilla support page offers various recommendations for each situation and how different antivirus products can be configured. The MitM detection function was originally planned for release on Firefox 65. Its release was delayed after finer tuning was required on the MitM error page to avoid false positives. Firefox is the second browser that adds an error page for MitM. The first one was Google Chrome which was supported in December 2017 to show MitM errors in version 63.
