Firefox checks a website’s security certificate to ensure the site is legitimate and that your connection is encrypted. If the certificate can’t be validated, Firefox will stop the connection and display a "Warning: Potential Security Risk Ahead" page.

This article explains what the most common related error codes mean—SEC_ERROR_UNKNOWN_ISSUER, MOZILLA_PKIX_ERROR_MITM_DETECTED, and ERROR_SELF_SIGNED_CERT—and how to troubleshoot them.

Understand the error code

1. On the warning page, click Advanced….
2. Check the error code displayed.
3. If you see:
   • SEC_ERROR_UNKNOWN_ISSUER or MOZILLA_PKIX_ERROR_MITM_DETECTED: The certificate was issued by an untrusted authority.
   • ERROR_SELF_SIGNED_CERT: The site is using a self-signed certificate.

If the error occurs on multiple secure sites

This usually means something on your device or network is intercepting secure connections and replacing website certificates. Common causes:

• Antivirus software scans encrypted connections
• Corporate network monitoring tools
• Malware

Check your antivirus settings

Avast/AVG

1. Open the Avast or AVG dashboard.
2. Go to Menu → Settings → Protection → Core Shields.
3. Under Web Shield, uncheck Enable HTTPS Scanning.

   In older versions of the product you'll find the corresponding option when you go to Menu > Settings > Components and click Customize next to Web Shield.

4. Confirm and restart Firefox.

Bitdefender

1. Open the Bitdefender dashboard.
2. Go to Protection → Online Threat Prevention → Settings.
3. Toggle off the Encrypted Web Scan setting.

   In older versions of the product you can find the corresponding option labelled Scan SSL when you go to Modules > Web Protection.

For corporate Bitdefender products, please refer to this Bitdefender Support Center page.</div>

Bullguard

1. Open the Bullguard dashboard.
2. Go to Settings → Advanced → Antivirus.
3. In the safe Safe browsing section, uncheck the Show safe results option for those websites that are showing errors.

ESET

Follow the steps in ESET’s support article to disable and re-enable SSL/TLS protocol filtering.

Kaspersky

1. Open the Kaspersky dashboard.
2. Go to Settings → Additional → Network.
3. In the Encrypted connections scanning, select Do not scan encrypted connections.
4. Restart your system.

Check for corporate network interception

If you’re on a work network, your IT department may need to add the interception certificate to Firefox’s trust store. See CA:AddRootToFirefox for instructions.

Scan for malware

Some malware can intercept secure connections. See Troubleshoot Firefox issues caused by malware.

If the error occurs on one site only

Likely causes:

• Server misconfiguration
• Missing intermediate certificate
• Self-signed certificate

If the site belongs to you, test it using SSL Labs and correct any “Chain issues: Incomplete” results.

When you can’t bypass the warning

You won’t see Accept the Risk and Continue if:

• The site uses HTTP Strict Transport Security (HSTS)
• The certificate has certain critical errors
• Your Firefox is managed by an enterprise policy that disables bypasses

For major sites (banks, email providers), bypassing is never allowed because it could indicate your connection is compromised.

About permanent exceptions

Firefox does not allow permanent certificate exceptions for most sites, especially on the public internet. For local network sites (LAN), the safest approach is to:

• Install a valid certificate from a trusted authority
• Or manually add your server’s certificate to Firefox’s certificate store

Bypass the warning (when available)

If Firefox allows it:

1. On the warning page, click Advanced….
2. Click Accept the Risk and Continue.

Related articles

• Secure connection failed and Firefox did not connect
• Troubleshoot Firefox issues caused by malware
• What do the security warning codes mean?