Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Will Soon Warn Users of Software That Performs MitM Attacks (zdnet.com)

Posted by msmash on from the better-security dept.

The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic. From a report: The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March. The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox." An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens.

6 of 79 comments (clear)

  1. Will have to be don carefully by The-Ixian · · Score: 4, Insightful

    Not sure how many corporate Firefox deployments there are but this could really give some IT support groups a headache.

    On the bright side, users will learn quickly when Superfish style shenanigans are going on.

    Overall, I like the idea. In practice, I am thinking this is going to cause more pain than pleasure....

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Will have to be don carefully by Ol+Olsoc · · Score: 3, Insightful

      Not sure how many corporate Firefox deployments there are but this could really give some IT support groups a headache.

      Hehe, you aren't kidding.They'll have to find a different way to keep track of where their employees are going.

      In practice, I am thinking this is going to cause more pain than pleasure....

      Pain can be a way of alerting you to problems.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Will have to be don carefully by Anonymous Coward · · Score: 3, Insightful

      Yes, they do. They do not have any right whatsoever to expect that their employees will not notice, and even less right to expect that a 3rd party browser will help to hide their shenanigans.

  2. Re:Okay, I'll bite by Anonymous Coward · · Score: 3, Informative

    Because it contacts a third party server which also looks at the website's certificate. If the certificate that your browser is presented with has a different fingerprint than the one their server sees, an error is flagged.

    See also the CheckMyHTTPS add-on for Chrome and Firefox

  3. Re:ISPs? by TechyImmigrant · · Score: 3, Informative

    How does an ISP inject certs? The whole point of SSL/TLS is to stop that. Is this some new attack vector? Why aren't we just patching the flaw in TLS?

    It's not mitm. That why TFA is so confusing. The attack involves changes to your trust list.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  4. Re:Pain in the ass by TexasDex · · Score: 3, Interesting

    They've already been on the record that third-party antivirus can be harmful to security: https://www.zdnet.com/article/... They're not wrong, I've seen some things from McAfee and Symantec that are downright shady.

    --
    The Cheese Stands Alone.