X
Tap here to go to the mobile version of the site.

Support Forum

How can I stop Firefox from all website security warnings and blocks? Firefox is almost getting useless due to this blocking

Posted

Firefox is far too extreme in blocking access to websites preventing me from browsing for "connection" and "security certificate" so-called "issues/errors". It almost regularly attempts to block me from accessing websites such as, for example, CNN (!!) for security certificate issues, and in many cases absolutely will not allow me to browse to some websites. This gets to the point where I have to switch to a different browser to visit websites I have been using for >>decades<<. How can I **completely** shut off ALL Firefox security monitoring to allow ME to decide what I want to view?

Just FYI, I have NO PROBLEM with websites tracking my visits, I actually prefer that.  As well, I have NEVER seen any problems with security certificates endangering me at any of the websites I view, whether the website's certificate is current or not.  I am quite capable of judging for myself whether a website poses any danger to my PC, and I have an AV utility that does an excellent job of protecting my PC, I do NOT need any help from Firefox. I never visit websites that would even remotely present a danger to my system, I am not into games, dark web idiocy, or any other such dangerous sites and I know what to look for to decide the reliability of any site I visit.  I have NEVER, in over 25 years, been hacked or endangered, so I need no help from Firefox.

Thanks for any help,

Pete B

Firefox is far too extreme in blocking access to websites preventing me from browsing for "connection" and "security certificate" so-called "issues/errors". It almost regularly attempts to block me from accessing websites such as, for example, CNN (!!) for security certificate issues, and in many cases absolutely will not allow me to browse to some websites. This gets to the point where I have to switch to a different browser to visit websites I have been using for >>decades<<. How can I **completely** shut off ALL Firefox security monitoring to allow ME to decide what I want to view? Just FYI, I have NO PROBLEM with websites tracking my visits, I actually prefer that. As well, I have NEVER seen any problems with security certificates endangering me at any of the websites I view, whether the website's certificate is current or not. I am quite capable of judging for myself whether a website poses any danger to my PC, and I have an AV utility that does an excellent job of protecting my PC, I do NOT need any help from Firefox. I never visit websites that would even remotely present a danger to my system, I am not into games, dark web idiocy, or any other such dangerous sites and I know what to look for to decide the reliability of any site I visit. I have NEVER, in over 25 years, been hacked or endangered, so I need no help from Firefox. Thanks for any help, Pete B
Quote

Additional System Details

Installed Plug-ins

  • Shockwave Flash 32.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

More Information

Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 answers

What anti-virus are you using? Can you give the specific cert error you see?

What anti-virus are you using? Can you give the specific cert error you see?
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Helpful Reply

Hi Pete, what Firefox often is telling you is that it cannot verify that the server sending the response is the real site. There are many possible reasons for that, but if numerous unrelated sites are affected, the most likely explanation is a "man in the middle" of your connection. This could be innocent -- your security software may read all your browsing for filtering purposes -- or a serious privacy problem.

The standard error page has an "Advanced" button to access a more technical explanation of the problem. Could you copy/paste that explanation into a reply?

Also, see: How to troubleshoot security error codes on secure websites

Hi Pete, what Firefox often is telling you is that it cannot verify that the server sending the response is the real site. There are many possible reasons for that, but if numerous unrelated sites are affected, the most likely explanation is a "man in the middle" of your connection. This could be innocent -- your security software may read all your browsing for filtering purposes -- or a serious privacy problem. The standard error page has an "Advanced" button to access a more technical explanation of the problem. Could you copy/paste that explanation into a reply? Also, see: [[How to troubleshoot security error codes on secure websites]]
Was this helpful to you? 1
Quote

Question owner

The standard error page you describe is what I am seeing, but sometimes it offers an advanced option that allows you to disregard the error and continue to the site at your own risk. But other times it absolutely refuses to let you go to the website, and I have to just quit and go to another browser to get on to the target site. THAT is the biggest issue, but I would prefer to completely avoid all this monitoring and not get any of this. My AV (Kaspersky's) does a very good job of protecting me, I do not need the browser involved. So if there is a way to disable all that in the browser, please fill me in.

Thanks

Pete B

The standard error page you describe is what I am seeing, but sometimes it offers an advanced option that allows you to disregard the error and continue to the site at your own risk. But other times it absolutely refuses to let you go to the website, and I have to just quit and go to another browser to get on to the target site. THAT is the biggest issue, but I would prefer to completely avoid all this monitoring and not get any of this. My AV (Kaspersky's) does a very good job of protecting me, I do not need the browser involved. So if there is a way to disable all that in the browser, please fill me in. Thanks Pete B
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Hi Pete, since you mention Kaspersky, the issue could be caused by its filtering feature.

If you'll allow me to explain: Kaspersky, Avast, AVG, Bitdefender, ESET, and probably some other products intercept your browsing to filter what is going out to and coming back from websites. In order to be able to read content sent on a secure connection, Kaspersky generates a fake website certificate for each site. Naturally, these fake certificates do not check out, so Firefox rejects them.

In order to get Firefox to trust the fake site certificates, you need the Kaspersky certificate used to sign the fake certificates set up as a trusted authority in Firefox.

Normally, Kaspersky products take care of this setup for you automatically at Windows startup, and it should stick until your Firefox certificate store is refreshed, for example, by using the Refresh feature or manually deleting the cert9.db file, or if you start using a new profile. In those cases, the setup needs to be done again.

You try going into Kaspersky's settings and pushing the certificate over to Firefox from there. If that or a Windows restart doesn't fix it, there is Plan B and Plan C, but since this post is long already...

Hi Pete, since you mention Kaspersky, the issue could be caused by its filtering feature. If you'll allow me to explain: Kaspersky, Avast, AVG, Bitdefender, ESET, and probably some other products intercept your browsing to filter what is going out to and coming back from websites. In order to be able to read content sent on a secure connection, Kaspersky generates a fake website certificate for each site. Naturally, these fake certificates do not check out, so Firefox rejects them. In order to get Firefox to trust the fake site certificates, you need the Kaspersky certificate used to sign the fake certificates set up as a trusted authority in Firefox. Normally, Kaspersky products take care of this setup for you automatically at Windows startup, and it should stick until your Firefox certificate store is refreshed, for example, by using the Refresh feature or manually deleting the cert9.db file, or if you start using a new profile. In those cases, the setup needs to be done again. You try going into Kaspersky's settings and pushing the certificate over to Firefox from there. If that or a Windows restart doesn't fix it, there is Plan B and Plan C, but since this post is long already...
Was this helpful to you? 0
Quote

Question owner

That is all true, I am aware of most of that. My point is, Kaspersky's AV does all the monitoring I need, I do not need Firefox to do any such monitoring at all. And the KAV is not perfect, either,it makes a lot of dumb assumptions, too, in this area, especially with certs or with, say, a website that wants tro redirect you to another site, which it assumes is "dangerous". But at least my KAV allows me to ignore this warning in every case, unlike Firefox.

Of course, part of this is the fact that a whole slew of everyday websites have these issues now and then, I get these "alerts" from all kinds of sites that are absolutely secure, lke my bank, my financial manager, my local and national news sites, etc. but at least KAV allows me to add such sites to a list of exmptions from such warnings, unlike Firefox, which has no such provision when it really refuses to allow me to connect to a website it deems "dangerous".

If this whole issue was treated th same by all web browsers, I would agree that it was worht the attention in some cases, but that is not the case. In every instrance I have the lockout by Firefox, I can immediately start up Chrome or IE and go tro the site uninhibited, and it has NEVER caused me a problem. So all I want is for Firefox to let ME decide what is forbidden and what is not.

So if you know of a way to inhibit the total lockouts by Firefox, please let ne know. I like Firefox best of the three browsers I use, but this issue is really aggravating me to the point I may have to switch to another browser as my default.

Thanks,

Pete B

That is all true, I am aware of most of that. My point is, Kaspersky's AV does all the monitoring I need, I do not need Firefox to do any such monitoring at all. And the KAV is not perfect, either,it makes a lot of dumb assumptions, too, in this area, especially with certs or with, say, a website that wants tro redirect you to another site, which it assumes is "dangerous". But at least my KAV allows me to ignore this warning in every case, unlike Firefox. Of course, part of this is the fact that a whole slew of everyday websites have these issues now and then, I get these "alerts" from all kinds of sites that are absolutely secure, lke my bank, my financial manager, my local and national news sites, etc. but at least KAV allows me to add such sites to a list of exmptions from such warnings, unlike Firefox, which has no such provision when it really refuses to allow me to connect to a website it deems "dangerous". If this whole issue was treated th same by all web browsers, I would agree that it was worht the attention in some cases, but that is not the case. In every instrance I have the lockout by Firefox, I can immediately start up Chrome or IE and go tro the site uninhibited, and it has NEVER caused me a problem. So all I want is for Firefox to let ME decide what is forbidden and what is not. So if you know of a way to inhibit the total lockouts by Firefox, please let ne know. I like Firefox best of the three browsers I use, but this issue is really aggravating me to the point I may have to switch to another browser as my default. Thanks, Pete B
Was this helpful to you?
Quote
jscher2000
  • Top 10 Contributor
8695 solutions 71066 answers

Pete, there's no way to set Firefox not to verify HTTPS connections. Forget about that idea. Understand that Firefox is not giving you an opinion on the website, the question is whether your connection is being intercepted between you and the site.

I asked for information to help get to the cause of the problem. You didn't give me that, but you mentioned that you use Kaspersky. I explained why Kaspersky products can cause this problem and how to solve that, if that is the problem (but we haven't confirmed that).

Your other browsers must already be set up to trust Kaspersky to sign fake website certificates or you would get the same error. Now Firefox needs to be set up, or you can set Kaspersky not to intercept your secure browsing connections.

Again, see: How to troubleshoot security error codes on secure websites.

Pete, there's no way to set Firefox not to verify HTTPS connections. Forget about that idea. Understand that Firefox is not giving you an opinion on the website, the question is whether your connection is being intercepted between you and the site. I asked for information to help get to the cause of the problem. You didn't give me that, but you mentioned that you use Kaspersky. I explained why Kaspersky products can cause this problem and how to solve that, if that is the problem (but we haven't confirmed that). Your other browsers must already be set up to trust Kaspersky to sign fake website certificates or you would get the same error. Now Firefox needs to be set up, or you can set Kaspersky not to intercept your secure browsing connections. Again, see: [[How to troubleshoot security error codes on secure websites]].
Was this helpful to you?
Quote
Tyler Downer
  • Top 25 Contributor
  • Moderator
1530 solutions 10669 answers

Note that Kaspersky does more shady things than just hijacking your secure connection.

https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/

Note that Kaspersky does more shady things than just hijacking your secure connection. https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/
Was this helpful to you? 0
Quote

Question owner

AS I mentioned before, I do not have a problem with tracking, in fact I prefer it.

What Kaspersky does is allow me to make exceptions tp prevent such warnings from causing me to be blocked. I can see the importance of monitoring such cert issues, but I see no reason why that should allow FF to absolutely block me from a website. If I was on a corporate network, OK, but not for my home PC.

Despite the fears expressed, I have been using KAV for about the last couple of decades, I have never ever had **any** problems or indications that it caused me harm. I don't need nor want any such oversight. And as I also said, I do get plenty of such monitoring from KAV every day, but I can always tell KAV to override any blocking.

Pete B

AS I mentioned before, I do not have a problem with tracking, in fact I prefer it. What Kaspersky does is allow me to make exceptions tp prevent such warnings from causing me to be blocked. I can see the importance of monitoring such cert issues, but I see no reason why that should allow FF to absolutely block me from a website. If I was on a corporate network, OK, but not for my home PC. Despite the fears expressed, I have been using KAV for about the last couple of decades, I have never ever had **any** problems or indications that it caused me harm. I don't need nor want any such oversight. And as I also said, I do get plenty of such monitoring from KAV every day, but I can always tell KAV to override any blocking. Pete B
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.