Updating Firefox to version 65

Avast Free Antivirus / Premium Security
21

Hi guys, a clean! reinstall of Avast should fix the issue.

22

Confirmed: TLS 1.2 depreciated from TLS 1.3 setting here a couple of months ago in about:config, manually changed.

23

Just used the Avast cleanup tool and did a Safe Mode clean install and seems to be OK.

However, I have to say the hassle of a clean install is really unacceptable.

24
  1. OK, thanks for the feedback.
  2. Agreed, but it seems only few users run into this, so it’s no general problem.
25

I don’t see anything in about:config (search on TLS) specifically relating to a depreciation to TLS 1.2 (or actually stating the version).

26

I just posted in mozilla.support.firefox about the two programs not playing “nice” anymore (it happened to me this AM). I ask for feedback on which kludge is more secure (1) turning off the Avast web shield or (2) changing the value from “false” to “true” on the FF 65 setting: security.enterprise_roots.enabled Awaiting what I suspect will be an “interesting” bunch of responses!

27

None, both are workarounds. See Reply #20.

28

@ pdkent2002
I think this won’t just be impacting Avast/Firefox 65 users, but other AV that attempt to scan https content in firefox 65 for viruses

29

Hello,

I solved the problem on my computer of “SEC_ERROR_UNKNOWN_ISSUER” and “MOZILLA_PKIX_ERROR_MITM_DETECTED” that appeared after the update of FIREFOX 65.
And leaving the web agent enabled.

I’m going to Firefox Settings.

  • Settings
  • Privacy and security
  • Certificates
  • View certificates
  • ‘Authorities’ tab
  • Selects the certificate “Avast Web/Mail Shield”
  • Change the trust
  • Select “This certificate can identify websites” and valid.

And normally it’s good. I translated the names of the options from my French version so the names may not be exact.

Best Regards,

30

A Little Troubleshooting:

  • I googled TLS settings in Firefox and wound up at a site featuring FF version 49.0!
  • See 1st pic below for TLS 1.2 settings
  • To move TLS min setting to TLS 1.3 requires Integer value to be changed to (4)
  • See 2nd pic below for TLS 1.3 loaded
  • Pics 3 and 4 show resulting Secure Connection errors on some sites and include default way of fixing these errors in browser window
  • Resetting via ‘Restore Default Settings’ button fixes the error and resets TLS min value to 3

You should now be able to access web sites as normal.

TLS min has to be set at value 3.

31

There is seemingly a much easier fix for this problem than clean reinstalling Avast, as per Firefox reddit…

Your certificate file might be corrupted - just throw it in the bin and FF will rebuild it. You can find it in your Profile folder: *\Data\profile\cert8.db

To easily find your profile folder: open the menu at the top right corner,

click on the question-mark at the bottom,

click on “Troubleshooting Information”,

at the first table you see click on the button that says “Show Folder”.

As also commented by another user the cert8.db might be a different number, as mine was cert9.db.
It was as simple as sending it to the bin and reloading Firefox, hope this helps guys :slight_smile:

edit

Forgot the link…

https://www.reddit.com/r/firefox/comments/albqm4/firefox_updated_to_version_65_and_now_all_i_get/

32

This worked for me. I had both cert8.db and cert9.db
Thanks.

33

Deleting the certs didn’t work for me, nor did reinstalling Firefox or Avast; it only works by disabling HTTPS scanning which clearly isn’t ideal.

34

The workaroung switching security.enterprise_roots.enabled from false to true has 1 big disadvantage:
If you are using a master-password it will ask you then everytime you start Firefox to enter it.
Not only when a password is needed or saved/updated. Always! That’s really annoying.

35

Could you

  1. go to about:preferences#privacy (either by typing/clicking in the link it or through menu Options and
  2. click on Privacy & Security
  3. scroll down to Certificates
  4. click on View Certificates.
  5. Select Avast Web/Mail Shield Root - Software Security Device
  6. click Edit Trust.

The checkbox This certificate can identify websites should be checked. If not, please do so.

Does it help?

(we are working on a fix, but it would help us to confirm that this workaround worked for the case when Firefox shows ‘Your connection is not secure’)

36

Sadly mine was already checked so there was nothing to do there.

Also, my partner has Bitdefender 2019 and the same error is happening with Firefox on that computer too (only working when you deactivate the HTTPS equivalent or change the Firefox setting). It looks like Mozilla really jumped the gun with this update.

I reverted my original workaround because I don’t think it’s safe to have no HTTP scanning, and changed the Firefox setting instead, although I echo the other user that it asking for the Master Password each run is annoying. I just wish I could use the quick-fixes that seem to work for many others! But no dice, for whatever reason.

37

This article will interest all posters in this topic, I think https://www.ghacks.net/2019/02/01/mozilla-halts-firefox-65-distribution-on-windows/

38

We have released the hotfix in Virus Definition Update 190201-6. It is applied automatically, no need to reboot the computer.

Please let us know if it helped.

Thanks. Pavel

39

Https scanning doesn’t work anymore, not sure if that’s intentional. Everything was actually working fine for me before that fix was released.

40

Firefox 65, reverted security enterprise roots enabled to false (default) and is working fine.
Thanks.