Closed Bug 1559477 Opened 6 years ago Closed 6 years ago

Certificate errors with different AVs, mostly Kaspersky, since Firefox 67.0.1

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
67 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1516255

People

(Reporter: st.steurenthaler, Unassigned)

Details

Attachments

(2 files)

firfox1.png
39.24 KB, image/png
Details
security.enterprise_roots.enabled setting of a ff 67.0.2 user with kaspersky & certificate problem, website unsecure
45.44 KB, image/png
Details
Attached image firfox1.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36

Steps to reproduce:

Can't reproduce the behaviour, we had remote sessions with some of our users with this problem. All had a standard ff installation, no adblocker, partly etp activated.

Kaspersky filed a bug, but we have the problem also with other AVs

Actual results:

We are one of germans largest news website. Starting with Firefox 67.0.1 a lot of our users are not able to enter our website. They get a certificate error, Firefox displays the website is unsecure. All of these users have an AV installed, mostly Kaspersky, but we have also the same error in AVG, Norton, Eset....
We haven't changed our certificate since March 2019, no errors occured till 5th of June. Only solution is to disable https scanning. Disabling the AV (we tested with Kaspersky also does not work, ony uninstall the AV)
Users are on Win 7-10, 32 & 64 bit, FF 67.0.1 +

We disabled for testing also enhanced tracking protection, did not help, still certificate error and an unsecure website

Expected results:

Users should be able to visit our website, without certificate errors

the website is https://www.t-online.de

Hello,

I investigated this issue and its seems to be a duplicated of Bug 1516255. As far as I can tell and from our own Antivirus testing this issue is still reproducible as the issue originates from the Antivirus software blocking security.enterprise_roots.enabled pref on true and then using their own Certificates to scan SSL encripted data, they also change the TSL version to 1.2.

Unfortunately, this does not seem to be a Firefox problem, but an antivirus problem. For Kaspersky user I suggest that they disable the SSL scanning feature "Scan encrypted connections upon request from protection components". This solution applies to all other AV that scan SSL connections.

Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: