Closed Bug 1547013 Opened 1 year ago Closed 1 year ago

Enable automatically fixing MitM errors by default

Categories

(Firefox :: Security, task, P1)

68 Branch
task

Tracking

()

RESOLVED FIXED
Firefox 68
Tracking Status
relnote-firefox --- 68+
firefox67 --- wontfix
firefox68 + fixed

People

(Reporter: wthayer, Assigned: johannh)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

The enterprise roots preference on Windows and MacOS imports roots that have been added to the OS root store by the user. We tested enabling this pref by default and found significant improvement in user engagement metrics. This bug is a request to enable the following changes by default:

  1. In Release, whenever a MitM certificate error is detected, automatically enable the "enterprise roots" pref and retest. If the error is fixed, leave "enterprise roots" enabled.

  2. in ESR, enable the "enterprise roots" pref by default.

Assignee: nobody → jhofmann
Status: NEW → ASSIGNED
Type: defect → task
Component: General → Security
Priority: -- → P1
Summary: Automatically Fix MitM Errors → Enable automatically fixing MitM errors by default and import enterprise roots in ESR

Release Note Request (optional, but appreciated)
[Why is this notable]: Changing how Firefox processes certificate errors
[Affects Firefox for Android]: No
[Suggested wording]: When an HTTPS error caused by antivirus software is detected, Firefox will attempt to automatically fix it.
[Links (documentation, blog post, etc)]: Blog post is being drafted at this time.

relnote-firefox: --- → ?
Depends on: 1541012
Summary: Enable automatically fixing MitM errors by default and import enterprise roots in ESR → Enable automatically fixing MitM errors by default
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/47e5e0e62494
Enable automatically fixing MitM errors by default. r=keeler
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED

This is in the 68.0beta desktop release notes.

You need to log in before you can comment on or make changes to this bug.