Mozilla Firefox Version 65.0 Released with Security Updates

Corrine

Corrine

Administrator,
Microsoft MVP,
Security Analyst
Staff member
Joined
Feb 22, 2012
Posts
12,394
Location
Upstate, NY
Mozilla sent Firefox Version 65.0 to the release channel today. Firefox ESR has been updated to Version 60.5.
The update included seven (7) security updates of which three (3) are critical, three (3) are high, and one (1) is rated low.

Release Notes
Security Updates
 
For the time being, distribution of Firefox 65 has been stopped due to this bug related to certificate errors: 1523701 - SEC_ERROR_UNKNOWN_ISSUER since updating to Firefox 65. Users are getting the error, "Your Connection is not secure", further indicating that that there is an issue with the HTTP Strict Transport Security (HSTS) of the site. According to the referenced bug report it is caused by the web protection modules in antivirus software.
 
According to the BC article, Mozilla Halts Firefox 65 Rollout Due to Insecure Certificate Errors,
In order for an antivirus software to scan an encrypted SSL connection for malicious content it needs to add its own certificate to Mozilla's certificate store in order to perform a MiTM (Man-in-the-Middle) attack.

Avast has told BleepingComputer that this hotfix is currently being rolled out and will disable HTTPS scanning for the Firefox process only. Furthermore, Lukáš Rypáček of Avast has stated that normal HTTP scanning in Firefox will continue to work as normal.
Click to expand...
There is no indication on whether Kaspersky is taking any temporary action or waiting for Mozilla.
 
Distribution of Firefox 65 has been resumed, per the updated bug report comment at 1523701 - SEC_ERROR_UNKNOWN_ISSUER since updating to Firefox 65

(In reply to Ryan VanderMeulen [:RyanVM] from comment #15)

Hi Lukas, our users updating to Firefox 65 with Avast & AVG installed have been encountering this error with regularity since we launched on Tuesday. We've temporarily halted all automatic updates on Windows to avoid further exacerbating the issue. Have you gotten reports on your end and if so, do you have any ideas what might be happening from your perspective?

Thanks!

Hi Ryan, Firefox HTTPS filtering will be completely disabled by the new virus engine update (eta 2 hours from now) in avast/avg products. We are working on the proper fix. Thnx, David
Click to expand...
Click to expand...
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top