Skip to content

MOZILLA_PKIX_ERROR_MITM_DETECTED in Firefox

Key idea:

MOZILLA_PKIX_ERROR_MITM_DETECTED — Firefox saw a suspicious certificate on a domain with pinned keys (google.com, facebook.com, etc). Not a baseline SSL warning — Firefox thinks you're being MITMed. Causes: corporate proxy (Zscaler, Kaspersky AV), legit parental controls, real attack (rare). DO NOT ignore without cause.

This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.

Check your site's SSL →

Common Causes

  • Corporate proxy with TLS inspection (Zscaler, Forcepoint, Symantec)
  • Kaspersky Internet Security / Bitdefender with SSL inspection
  • Router-level parental controls
  • Actual MITM attack (public Wi-Fi, compromised DNS)
  • Hand-rolled MITM test proxy (mitmproxy, Burp)

Step-by-Step Fix

  1. If in a corporate network — expected, contact IT
  2. Temporarily disable antivirus SSL inspection — retest
  3. Switch network (mobile hotspot) — if it's gone = your network
  4. Firefox: about:preferences#privacy → Certificates → "Ask every time"
  5. DO NOT click "Advanced → Accept risk" unless you understand the cause

Check SSL Certificate →

Related SSL Errors

TL;DR: Fixing MOZILLA_PKIX_ERROR_MITM_DETECTED

The MOZILLA_PKIX_ERROR_MITM_DETECTED error in Firefox indicates that a man-in-the-middle (MITM) attack has been detected, often due to improper SSL certificate validation. To resolve this, ensure your connection is secure, verify the server's SSL certificate, and check for installed root certificates. If necessary, clear your browser cache and restart Firefox. For persistent issues, consider disabling any security software that may be interfering.

Understanding the MOZILLA_PKIX_ERROR_MITM_DETECTED Error

The MOZILLA_PKIX_ERROR_MITM_DETECTED error occurs when Firefox identifies a potential man-in-the-middle attack during an SSL/TLS handshake. This typically happens when the browser detects that the SSL certificate presented by the server does not match the expected certificate, often due to interception by proxies or firewalls. This security measure is part of Firefox's commitment to protecting users from potential data breaches.

Common causes include:

  • Proxy Servers: If you're using a proxy server, it may be intercepting SSL traffic, leading to certificate mismatches.
  • Antivirus Software: Some security software performs SSL scanning, which can cause Firefox to flag the connection.
  • Outdated or Misconfigured Certificates: If a website's SSL certificate is outdated or improperly configured, it may trigger this error.

To further diagnose the issue, you can check the Firefox certificate manager by navigating to about:preferences#privacy and clicking on View Certificates. This allows you to inspect the certificates installed and those that are trusted.

Practical Steps to Resolve MOZILLA_PKIX_ERROR_MITM_DETECTED

Resolving the MOZILLA_PKIX_ERROR_MITM_DETECTED error may involve a series of troubleshooting steps. Below are detailed instructions to help you address this issue effectively.

1. Verify Your Network Configuration

Start by checking if a proxy or firewall is affecting your connection:

  1. Open Firefox and navigate to about:preferences.
  2. Scroll down to Network Settings and click on Settings....
  3. Ensure that No proxy is selected unless you specifically need a proxy. If you must use a proxy, verify that it is correctly configured.

2. Check Your SSL Certificate

Next, verify the SSL certificate of the site you are trying to visit:

  1. Click on the padlock icon in the address bar.
  2. Select Connection Secure and then click on More Information.
  3. In the Page Info window, click on View Certificate to check if the certificate is valid and issued by a trusted authority.

3. Disable SSL Scanning in Antivirus Software

If you suspect your antivirus software is causing the issue, you can temporarily disable SSL scanning:

  1. Open your antivirus application.
  2. Look for settings related to Web Protection or SSL Scanning.
  3. Disable the SSL scanning feature and save your changes.

Remember to enable it again after troubleshooting to ensure continued protection.

4. Clear Browser Cache

Clearing your browser cache can also help resolve this issue:

  1. Go to about:preferences#privacy.
  2. Under Cookies and Site Data, click on Clear Data....
  3. Select Cached Web Content and click Clear.

5. Restart Firefox

After making these changes, restart Firefox to apply the settings. If the error persists, consider checking for Firefox updates or resetting Firefox to its default settings.

6. Additional Troubleshooting

If the issue continues, you can check for specific Firefox errors in the console. Open the console with Ctrl + Shift + K and look for any relevant error messages that can provide further insights.

CertificateExpiry, issuer, domains (SAN)
ChainIntermediate and root CA validation
TLS ProtocolTLS version and cipher suite
VulnerabilitiesHeartbleed, POODLE, weak ciphers

Why teams trust us

TLS 1.3
supported
Full
CA chain check
<2s
result
30/14/7
days-to-expiry alerts

How it works

1

Enter domain

2

TLS chain verified

3

Expiry date & vulnerabilities

What Does the SSL Check Cover?

SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.

Certificate Details

Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).

Chain of Trust

Full chain verification: from leaf certificate through intermediates to root CA.

TLS Analysis

Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.

Expiry Alerts

Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.

DV vs OV vs EV Certificates

DV (Domain Validation)
  • Confirms domain ownership only
  • Issued in minutes automatically
  • Free via Let's Encrypt
  • Suitable for most websites
  • Most common certificate type
OV / EV
  • Organization (OV) or Extended Validation (EV)
  • Issued in 1-5 business days
  • Costs $50 to $500/year
  • For finance, e-commerce, government sites
  • Increases user trust

Who uses this

DevOps

SSL certificate monitoring

Security

TLS config audit

SEO

HTTPS as ranking factor

E-commerce

customer trust

Common Mistakes

Expired certificateBrowsers block sites with expired SSL. Set up auto-renewal or monitoring.
Incomplete certificate chainWithout intermediate CA, some browsers and bots cannot verify the certificate.
Mixed content on HTTPS siteHTTP resources on an HTTPS page — the browser lock icon disappears, reducing trust.
Using TLS 1.0/1.1Legacy TLS versions have known vulnerabilities. Use TLS 1.2+ or 1.3.
Domain mismatch in certificateThe certificate must cover all site domains, including www and subdomains.

Best Practices

Set up auto-renewalLet's Encrypt + certbot with cron — certificate renews automatically every 60-90 days.
Enable HSTSStrict-Transport-Security header forces browsers to always use HTTPS.
Use TLS 1.3TLS 1.3 is faster (1-RTT handshake) and safer — legacy ciphers removed.
Monitor expiration datesCreate a monitor on Enterno.io — get notified well before expiration.
Verify chain after renewalAfter certificate renewal, confirm that intermediate certificates are installed.

Get more with a free account

SSL certificate monitoring, check history and alerts 30 days before expiry.

Sign up free

Learn more

Sources

Frequently Asked Questions

Why is Firefox this strict?

Mozilla pins certain root CAs and detects chain tampering. MITM on google.com is a real phishing vector.

Does Chrome show the same?

Chrome shows ERR_CERT_SYMANTEC_LEGACY or NET::ERR_CERT_AUTHORITY_INVALID marked "Pinning". Softer message.

Is a corporate proxy safe?

Depends. IT decrypts your traffic. You must trust your company's security policies and local law.

How do I know if the cert is real?

<a href="/en/ssl">Enterno SSL checker</a> from a clean network (not your office) — shows real CA.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.