Hello Today, as part of an "upgrade" to version 19.5 Avast Antivirus has forcefully enabled the entire Microsoft PKI for all Firefox users that also happen to be users of Avast [Free] Antivirus.
They now forcefully set this Mozilla enterprise policy for all users of Avast: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\Certificates "ImportEnterpriseRoots"=dword:00000001 And this causes Mozilla Firefox to trust all the root certificates in the Windows store... but with a bug: Firefox ignores the local revocation info for root certificates and thus considers revoked root certificates as being valid. Related Mozilla bugzilla bug id: 1553233 *sigh* ~~~~ Adrian R. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy