Firefox Shield study to import Windows root certificates - harlan4096 - 27 March 19
Quote:
Mozilla wants to evaluate the impact that the importing of Windows root certificates has on Firefox.
Firefox uses its own certificate store when it validates certificates of site connections by default. While that is beneficial in regards to control that Mozilla has over certificates, it recently introduces an issue that caused connections to secure sites to fail in the browser.
Mozilla had to halt the distribution of Firefox 65 to address the issue. The issue was caused by third-party antivirus engines that installed their own certificates into the Firefox certificate store to enable SSL scanning.
Firefox users would receive "your connection is not secure" and "SEC_ERROR_UNKNOWN_ISSUER" connection errors if affected by the issue.
Users could disable HTTPS scanning in the antivirus solution of choice or flip a preference in Firefox that would allow the browser to import certificates from the Windows Certificate store to mitigate the issue.
Mozilla discovered that the issue could have been prevented if Firefox would use certificates from the Windows Certificate store.
Mozilla wants to find out if using certificates from the Windows Certificate store has any negative effects on Firefox. The assumption is that there won't be any ill-effects; if that is the case, Firefox will import Windows root certificates by default going forward.
Continue Reading
|