11 Jan Firefox will soon warn you about the Man-in-the-Middle
Firefox 65 will provide users with more information when something gets in the middle of their connection
Mozilla will now give its users more information when a Man-in-the-Middle scenario occurs with the release of Firefox 65. Previously, the browser had issued a warning when a MITM occurred, but failed to give much insight into what was happening.
That’s all about to change.
With the release of Firefox 65, users will now get more
information about who may be attempting a MITM.
So today we’ll discuss this new feature, Man-in-the-Middle scenarios in general and how this may impact your organization.
Let’s hash it out.
Should we refer to Man-in-the-Middle as an attack?
If you’re a regular reader you know we talk about
Man-in-the-Middle scenarios quite a bit. We’ve covered what MITM is. We’ve
covered how easy it is to pull one off. Now let’s discuss whether or not it’s
really accurate to refer to this as an “attack.”
And the answer is not always.
While it certainly constitutes an attack when a malicious
actor gets in the middle of a connection—the Man-in-the-Middle isn’t always a
bad guy. A lot of times, especially with large companies and enterprises, it’s
actually just that organization itself, either inspecting HTTPS traffic or load
There are also antivirus programs that can get in the middle
of a connection to inspect encrypted traffic for anything malicious.
Of course, there are also plenty of nefarious things that
can be done in a MITM scenario, too. There are the obvious risks with eavesdropping,
spoofing, etc. But there are also adware programs, and even some malware, that
inject content – typically ads – and compromise the integrity of whatever site
you’re trying to visit.
At any rate, referring to a Man-in-the-Middle scenario
categorically as an attack feels a little obtuse. It can be an attack, or it
could be something completely legitimate.
That’s why Mozilla is giving its users more information.
In Firefox 61, Mozilla added a new error message: MOZILLA_PKIX_ERROR_MITM_DETECTED.
It warned users when a MITM scenario was occurring, but it didn’t really
provide much information beyond that.
Here’s a screenshot of the error courtesy of Bleeping Computer:
Firefox 65 will provide users with far more information on the scenario. You’ll now be able to get details from the certificate that’s facilitating the MITM. This will give Firefox users a better handle on whether the MITM is malicious, or just the product of an antivirus program or, as shown in the warning below (also courtesy of Bleeping Computer), an HTTP debugger like Fiddler.