1248370 - Warning comes up regarding Firefox's Certificate stating that it is not safe to continue

Status: RESOLVED INVALID

(support.mozilla.org :: General, defect)

Description

[Shelagh C]

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36

Steps to reproduce:

This is a copy of the message I received when I tried to make Firefox my default browser and use it to search. I don't know a lot about programming etc, however, when a message like below comes up, I take it to mean that there is a problem with the site's certificate.

https://support.mozilla.org/1/firefox/45.0/WINNT/en-US/prefs-search

Peer's Certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIDgjCCAmqgAwIBAgIJAL+D7enLDnOtMA0GCSqGSIb3DQEBCwUAMCcxCzAJBgNV
BAYTAlVLMRgwFgYDVQQDDA9BQ0VuZ2luZSAoOTg0NikwHhcNMTUwOTE0MDAwMDAw
WhcNMTcxMDA2MTIwMDAwWjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEbMBkGA1UEChMSTW96aWxsYSBG
b3VuZGF0aW9uMRwwGgYDVQQDExNzdXBwb3J0Lm1vemlsbGEub3JnMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SMknMtspUVL7C4Kg+GzOVZXdZrrkv0y
ai6FalblSH5NAhyMn4iKjvb8WW4odox0g9cP1ak+0W+uxGCgroDAWO9lrx28lTXT
xFX7UVsdlN943ZCmN2lait+88ezXJAoGont+Jqyo3NSvSTyBOsDTU5bveK//JdB3
lMHUxAWLT9gSIwbQpGsfloeDaCz0G9UIETozGhoAmRaHDg9Sk6r4GunYe9Y84CjW
qzK20+Ez5e6E84E7NeDM7u17Xhs/SMKa0rfXBEvhScptnHSBVW5lsiPAH1lDESEC
Tzvkv6pyYlPlMTJKIqM6c2cpwzWJ5QZShO9dUT6O6llLzKgtUnf74QIDAQABo2Mw
YTAzBgNVHREELDAqghNzdXBwb3J0Lm1vemlsbGEub3JnghNzdXBwb3J0Lm1vemls
bGEuY29tMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDQYJKoZIhvcNAQELBQADggEBAER6oY8kHBJLQ7VNEjOBCtsUljnvE9o+4XNt
SM/QS5b3K2uPvL/0Ijul7D9JJ/OXlyRPiBOvEbdS97CRUc3Yja+Kkk0H7FECS/qQ
MfBSmdpKzMkPovsbBrz1t22sMsY6gR+L5AXeqwXsEJ7CNkE1exKYD7zerWjmwKTn
vxsIAs/W7ukWvt5ncPHIugQmhb+QVc3e8e/V8cSNir5oxNRI58MFhdc5MYjuAx6k
WPb81g4S8m9O3QsMI5RPcrG48fdGkt7uViuyMt6GIIixxusS142dy4KeNUdWIgbR
xHFZrTSSvonl9odMgraknWcv0RRRI2Z25Bph3hrWbMI9EW7xNtM=
-----END CERTIFICATE-----



Actual results:

Nothing happened because once I received the warning message about the Certificate not being recognised, I came out of it.


Expected results:

I thought I would be able to download Mozilla, set it on my laptop as my only search engine. I am not a computer tech but the warning was clear so I went back to google to try to find a way of reporting this issue.  I don't know if this is normal or if it's something that always happens? However, I don't want to take any chance with phishing and I don't have the knowledge to know if this is a genuine problem or not.

Comment 1

[YF (Yang)]

It appears to be a middle attack. I don't know the appropriate classification for the disposal of this event. So, websites-security team, please.

Comment 2

[Jeff Bryner [:jeff] (use NEEDINFO 😉)]

Agree with Yang; looks like a local adware attack. 

The proper certificate has a serial number
 0F:05:4A:6B:8A:A1:10:0E:49:B7:46:23:8F:2D:26:6E. 
The one you pasted has 
 bf:83:ed:e9:cb:0e:73:ad

The issuer for the valid one is Digicert. The issuer for the one you pasted is: 
Issuer: C=UK, CN=ACEngine (9846)

Searching around for this it looks like ABengine: 
https://www.herdprotect.com/acengine.exe-a2c85835558c93a6ac275b4666cd5de1b6f4d321.aspx

https://twitter.com/malekal_morte/status/665196253844742144

So this would be a local issue with the computer you are using rather than a problem in the certificate for support.mozilla.org. 

I'd suggest having someone you trust local to you have a look to see if the symptoms of abengine are present and using anti-virus to help remove it. 

I'm closing this bug as it isn't a problem with our site, but thanks for the report and good luck!

Comment 3

[Will Kahn-Greene [:willkg] ET needinfo? me]

These bugs are all resolved, so I'm removing the security flag from them.