Firefox will soon warn users of software that performs MitM attacks

[steven36]

Starting with version 66, Firefox will let you know when antivirus products, malware, or your ISP are tapping into your HTTPs traffic.

 

 

The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic.

 

The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March.

 

The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox."

 

An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens.

 

The most common situation where this error message may appear is when users are running local software, such as antivirus products or web-dev tools that replace legitimate website TLS certificates with their own in order to scan for malware inside HTTPS traffic or to debug encrypted traffic.

 

Another scenario, also quite common, is when a user's computer gets infected with malware that attempts to intercept HTTPS traffic by installing untrusted certificates.

 

A third scenario would be when an ISP or a malicious user on the same network is also hijacking the user's internet traffic, and replacing certificates in order to spy on the user's HTTPS traffic.

 

 

The new MitM error page aims to serve as an early warning sign that something is wrong and that a deeper investigation may be needed.

 

This Mozilla support page comes with various recommendations for each situation and how to configure various antivirus products.

 

The MitM detection feature was initially scheduled to be released with Firefox 65. Its release was delayed after the MitM error page needed more fine-tuning to avoid false positives.

 

Firefox is the second browser to add a MitM error page. The first was Google Chrome, which received support for showing MitM errors in version 63, released in December 2017.

 

Source

[BimBamSmash]

I hope this feature keeps it to this goal and doesn't go Sherlocking about on all running apps and services for surveillance and advertisement purposes. Though that's wishful thinking, I guess.

 

I am usually more curious about hackers' countermeasures to these tactics though. There tends to be more ingenuity and creativity on their side.

[steven36]

3 hours ago, BimBamSmash said:

I hope this feature keeps it to this goal and doesn't go Sherlocking about on all running apps and services for surveillance and advertisement purposes. Though that's wishful thinking, I guess.

 

I am usually more curious about hackers' countermeasures to these tactics though. There tends to be more ingenuity and creativity on their side. 

Its about this

Google and Mozilla's message to AV and security firms: Stop trashing HTTPS

https://www.zdnet.com/article/google-and-mozillas-message-to-av-and-security-firms-stop-trashing-https/

 

Also in the  USA   the ISP can snoop on people on http sites and even https  if you they use your isp dns.

What ISPs Can See

https://www.upturn.org/reports/2016/what-isps-can-see/

 

Also

Quote

However, if the HTTPS page you visit includes HTTP content, the HTTP portion can be read or modified by attackers, even though the main page is served over HTTPS. When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't. For more information about mixed content (active and passive), see this blog post.

 

Why are you worried? Firefox is open source  the code will be right there for you to read and you will be able disable it in the about config  if you want your av and isp to spy on you .

 

There not like Google who makes  a closed source browser on top of  open source chromium anything in Firefox can be reversed  or removed if you want to edit it or fork it .

 

See Google are the main devs  behind  chromium browser anything they put in it to spy on you can be reversed in it's virgin state.

https://github.com/Eloston/ungoogled-chromium

 

 Once they put the Google ,Opera , etc and soon Microsoft  name on it  they mix it with there closed source components  then it cant be reversed legally. .   .

 

Same with Firefox  it can be reversed  the code is open source.

https://github.com/intika/Librefox

 

Also there Waterfox and Palemoon  witch are forks built on older versions there open source as well..

[BimBamSmash]

I suppose snooping on HTTP is a given these days but I wasn't aware that HTTPS has joined the club too. Kind of defeats the purpose of the protocol, doesn't it?