Firefox 65 users with Avast/AVG installed plagued by certificate errors

Leave a Comment

If you’ve updated Firefox to version 65 released on Tuesday, January 29, 2019 and noticed you can’t access any websites, especially secure websites and receiving certificate error SEC_ERROR_UNKNOWN_ISSUER, check if you’ve Avast/AVG, Kaspersky or other security software installed, because the antivirus software tries to insert their own certificate for websites in Firefox and breaking sites by showing error.

After receiving numerous complaints on their support forum, Mozilla has stopped delivering Firefox 65 update to Windows users via automatic updates.

your connection not secure SEC_ERROR_UNKNOWN_ISSUER

What’s happening?

After updating to Firefox 65, Firefox users unable to access https websites and informed by the browser that their connection is not secure and provided an above-said error code to troubleshoot the issue.

Note: Affected users reported it on Firefox help forums that the issue is noticed with Avast or AVG software installed.

Firefox 65 updates halted

Firefox support forum complaints

Fix SEC_ERROR_UNKNOWN_ISSUER certificate issue in Firefox 65

I. If you”re using Avast/AVG or other third-party antivirus software other than Windows Defender and affected, do the following.

1. Disable HTTPS Scanning in Avast  (old versions)

  •  Open Avast Antivirus
  • Settings > Components,
  • Click Customize for WebShield and uncheck ‘Enable HTTPS Scanning’, click ‘OK’.

If you’re using new Avast 19.1,

1. Launch Avast GUI,

2. Click on menu > Settings > Protection > Core Shields

3. Scroll down a bit and under ‘Configure Shield Settings, click ‘Web Shield’

4. Uncheck ‘Enable HTTPS Scanning’ and close Settings Window.

Or if you’re using Kaspersky, reinstalling it known to fix the issue.

Related: How to disable Avast’s HTTPS Scanning Feature

II. Visit about:config (btw, we’ve new about:config page in Nightly, have a look)

Visit about:config

Find the preference security.enterprise_roots.enabled  and change its value to true.

You either need to make the change in Firefox about:config or disable encrypted connections scanning in antivirus software to avoid this.

The company has already redesigned their certificate error page to show detailed information about which software has caused the issue and provides a link to SUMO page with certificate error codes for antivirus software and offers workarounds to fix those, but the change seems to have not shipped to version 65 and still available on Nightly.

UPDATE: Avast’s Security Researcher, David Jursa said, the company will push an update that will disable Firefox HTTPS filtering in Avast and AVG products.

“Hi Ryan, Firefox HTTPS Filtering will be completely disabled by new virus engine update (eta 2hours from now) in Avast/avg products. We’re working on Proper fix”, he said.

UPDATE February 2. 2019: The https scanning related to Firefox in Avast or AVG could’ve been disabled by now, Avast’ Senior software developer Lukas Repacek confirmed in bug reported above that update has been pushed and user doesn’t need to do anything from their end.

Are you affected?

Venkat Eswarlu
Venkat Eswarlu

Venkat is an independent technology journalist and the founder of Techdows. He has been covering web browsers, Windows, and software news since 2009. His exclusive scoops on Chrome, Firefox, and Edge features have been cited by Forbes, TechCrunch, Wired, CNET, and other major publications.

Leave a Reply

Your email address will not be published. Required fields are marked *