Firefox started importing root certificates from Windows


With the release of Mozilla Firefox 65 in February 2019, some users began to see errors such as “Your Connection is not secure” or “SEC_ERROR_UNKNOWN_ISSUER” when connecting to HTTPS sites. The cause turned out to be antiviruses such as Avast, Bitdefender and Kaspersky, which install their own root certificates on the computer in order to perform MiTM interception of the user's HTTPS traffic. Because Firefox has its own certificate store, they try to insert their certificates into it as well.

Browser developers have long urged users not to install third-party antiviruses that interfere with the operation of browsers and other programs, but the mass audience has not yet heeded these calls. Unfortunately, by working as a transparent proxy, many antiviruses reduce the quality of cryptographic protection on client computers. For this reason, HTTPS interception detection tools are being developed, which detect on the server side the presence of a MiTM, such as an antivirus, in the channel between the client and the server.

One way or another, antiviruses once again interfered with the browser, and Firefox had no choice but to solve the problem on its own. The browser configuration has a setting, security.enterprise_roots.enabled. If this flag is enabled, Firefox uses the Windows certificate store to validate SSL connections. Anyone who sees the errors above when visiting HTTPS sites can either disable scanning of SSL connections in the antivirus or set this flag manually in the browser settings.

The problem is being discussed in the Mozilla bug tracker. As an experiment, the developers decided to enable the security.enterprise_roots.enabled flag by default, so that the Windows certificate store is used without further user action. This will happen starting with Firefox 66 on Windows 8 and Windows 10 systems that have third-party antiviruses installed (the APIs that detect the presence of an antivirus in the system are available only from Windows 8).
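
An added example (not from the original article and not Mozilla's code) that checks how security.enterprise_roots.enabled is set in a Firefox profile by reading the profile's prefs.js and user.js. The sample profiles are constructed for illustration; a value of None means the flag was never set explicitly in the profile, so the browser's built-in default applies.

```python
import re
import tempfile
from pathlib import Path

PREF = "security.enterprise_roots.enabled"
# Matches lines such as: user_pref("security.enterprise_roots.enabled", true);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def read_pref(path, name=PREF):
    """Return the last boolean value set for `name` in a prefs file, or None."""
    if not path.is_file():
        return None
    value = None
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name and m.group(2) in ("true", "false"):
            value = m.group(2) == "true"  # a later line overrides an earlier one
    return value

def audit_profile(profile_dir):
    """Report the explicit setting of the flag and which file it comes from."""
    profile_dir = Path(profile_dir)
    for source in ("user.js", "prefs.js"):  # user.js is applied over prefs.js at startup
        value = read_pref(profile_dir / source)
        if value is not None:
            return {"value": value, "source": source}
    return {"value": None, "source": "browser default"}

def build_sample_profiles(root):
    """Write constructed sample profiles (not real data) covering three cases."""
    root = Path(root)
    samples = {
        "explicit_on": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'
                                    f'user_pref("{PREF}", true);\n'},
        "overridden_off": {"prefs.js": f'user_pref("{PREF}", true);\n',
                           "user.js": f'// admin override\nuser_pref("{PREF}", false);\n'},
        "untouched": {"prefs.js": 'user_pref("browser.startup.page", 3);\n'},
    }
    for name, files in samples.items():
        (root / name).mkdir(parents=True)
        for fname, body in files.items():
            (root / name / fname).write_text(body, encoding="utf-8")
    return sorted(samples)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name in build_sample_profiles(tmp):
            print(name, audit_profile(Path(tmp) / name))
```

To check a real installation, pass the path of a profile directory to audit_profile.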

Source: habr.com
