Closed Bug 1540164 Opened 8 months ago Closed 8 months ago

Cert error page is displayed after restart when toggling the specific prefs

Categories

(Firefox :: Security, defect)

All
Windows 10
defect
Not set

Tracking

()

RESOLVED WONTFIX
Tracking Status
firefox-esr60 --- disabled
firefox66 --- disabled
firefox67 --- affected
firefox68 --- affected

People

(Reporter: ciprian_georgiu, Unassigned)

Details

(Keywords: regression, regressionwindow-wanted)

Affected versions

  • latest Nightly 68.0a1
  • Beta 67.0b6

Affected platforms

  • Windows 10 x64

Prerequisites

  • have the AdGuard antivirus v6.4 installed.

Steps to reproduce

  1. Launch Firefox.
  2. Set security.certerrors.mitm.auto_enable_enterprise_roots to true.
  3. Go to a HTTPs website, e.g. https://google.com/.
  4. Restart the browser.
  5. Set security.enterprise_roots.enabled to false.
  6. Restart the browser.
  7. Access a HTTPs website e.g. https://google.com/.

Expected result

  • The HTTPs website loads properly and no cert error page is displayed.

Actual result

  • The cert error page is displayed.

Regression range

  • I can't seem to reproduce this on 67.0a1 (20190314094420), when this feature first landed; I'll follow-up with a regression range asap.
Has Regression Range: --- → no
Component: Security → Security: PSM
Product: Firefox → Core

If you reset "security.enterprise_roots.enabled" without also resetting "security.enterprise_roots.auto-enabled", I think the front-end will think it tried to auto-import the enterprise roots but that this didn't fix the problem, so it won't try to re-enable the enterprise roots feature.

Component: Security: PSM → Security
Product: Core → Firefox

I'm torn between WONTFIX and P5 on this one, if you revert the decision made by our MitM detection mechanism without considering its inner workings (which would mean also resetting the security.enterprise_roots.auto-enabled pref) then we can't guarantee that it continues to work.

Closing this for now, let me know if I'm not considering something here :)

Thanks!

Status: NEW → RESOLVED
Closed: 8 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.