Why does Firefox claim that my connection to Google is insecure?

Kaspersky, like most AV products these days, is performing a local MITM against your secure HTTP traffic. It does this in order to be able to scan payloads in HTTP transactions, be it in the request or the response.

In order for this to be done correctly, Kaspersky has to generate its own root CA certificate, and generate spoofed certificates on the fly, feeding them to your browser. Kaspersky also has to install this CA into your operating system's Trusted Certificate store.

The reason why it needs to install it into the OS certificate store is because this is where most software looks to validate that the Certificate Authority who has issued the certificate it has received is a valid, trusted Authority. If that authority is not there, boom, you get this error.

FireFox is the only mainstream web browser that is paranoid. It refuses to trust your OS's cert store, precisely because its so easy to simply install a fake CA into it and start MITM'ing peoples connections. Instead, FireFox is distributed with a complete list of all CAs that Mozilla trusts.

What's cute about this is that it's not actually adding any security whatsoever. You can simply compile the open source Mozilla NSS package and, included in it is a utility called CertUtil that can transparently inject certificates, even root CAs, into FireFox's trusted cert store. This does not require the user to accept it, nor does it even alert the user that this has happened. You can see how easy this is to do in a C# function I wrote here.

So what's happening here is that Kaspersky is not properly MITM'ing FireFox, so when FireFox gets fed certs issued by Kaspersky's CA, it's throwing all the alarms and screaming at you that you're under attack.


I had the same issue. Any website I went to wouldn't work. The computers date was off and set back to 2006. I changed the system date by right clicking on the date in the lower right tool bar of windows. After, Mozilla and explorer both worked just fine.