Firefox Beta 120 trusts OS certificates by default
Seems that Firefox Beta 120 is changing the default behavior for certificate trust from its own repo to the OS repo. This is stated in the release notes:https://www.mozilla.org/en-US/firefox/120.0beta/releasenotes/
and here is the relevant bugzilla link: https://bugzilla.mozilla.org/show_bug.cgi?id=1858531
so anyone relying in the existing Firefox behavior needs to opt-out of this new behavior
10 comments
[ 1409 ms ] story [ 3213 ms ] threadApparently this was done to please annoying AV softwares [1].
[1] https://static.googleusercontent.com/media/research.google.c...
Worst thing to me about enterprise certs is when people get tricked into installing them because a captive portal says that's the only way they can get their iphone on the free wifi.
I also think that, to save energy (and to work-around compatibility issues), you should be allowed to configure it to use insecure proxies for secure connections (usually these insecure proxies would run on your computer, or LAN, but this is not strictly required).
> By default, Firefox will now use TLS trust anchors (e.g., certificates) added to the operating system by the user or an administrator. This works on Windows, macOS, and Android, and it can be turned off in the "Privacy & Security" section of Firefox settings, under "Certificates".
what you state "ignores any certificates distributed by default in the OS." is the as-is situation which is changing in the next weeks and you need specifically to opt-out and will include ALL the certificates no matter if they come from the user or the system. So please elaborate why you think it is the wrong summary