Mozilla sent Firefox Version 65.0 to the release channel today. Firefox ESR has been updated to Version 60.5.
The update included seven (7) security updates of which three (3) are critical, three (3) are high, and one (1) is rated low.
For the time being, distribution of Firefox 65 has been stopped due to this bug related to certificate errors: 1523701 - SEC_ERROR_UNKNOWN_ISSUER since updating to Firefox 65. Users are getting the error, "Your Connection is not secure", further indicating that that there is an issue with the HTTP Strict Transport Security (HSTS) of the site. According to the referenced bug report it is caused by the web protection modules in antivirus software.
In order for an antivirus software to scan an encrypted SSL connection for malicious content it needs to add its own certificate to Mozilla's certificate store in order to perform a MiTM (Man-in-the-Middle) attack.
Avast has told BleepingComputer that this hotfix is currently being rolled out and will disable HTTPS scanning for the Firefox process only. Furthermore, Lukáš Rypáček of Avast has stated that normal HTTP scanning in Firefox will continue to work as normal.
(In reply to Ryan VanderMeulen [:RyanVM] from comment #15)
Hi Lukas, our users updating to Firefox 65 with Avast & AVG installed have been encountering this error with regularity since we launched on Tuesday. We've temporarily halted all automatic updates on Windows to avoid further exacerbating the issue. Have you gotten reports on your end and if so, do you have any ideas what might be happening from your perspective?
Hi Ryan, Firefox HTTPS filtering will be completely disabled by the new virus engine update (eta 2 hours from now) in avast/avg products. We are working on the proper fix. Thnx, David