A security error has been detected in Firefox: solution

by

Sometimes we find that a security error has been detected in Firefox, and it prevents us from accessing certain pages. They are usually related to the digital certificates of the websites, and now we will see the solution to the most common problems.

Normally we associate the digital certificate to the one offered by public administrations to citizens and companies for online transactions, whether in Firefox or other browsers. In reality, most of today’s websites use digital certificates (albeit simpler), which confirm your identity to a certain extent and make it possible for data to travel encrypted.

The most common error message in these cases is the following:

Warning: potential security risk below

Firefox has detected a potential security threat and failed to load www.EXAMPLE.com. If you visit this site, attackers could try to steal information such as your passwords, emails, or credit card details.

Imagen - Se ha detectado un error de seguridad en Firefox: solución

If we click on the “Advanced” button we will see an error code that determines exactly what is happening and helps us find the solution. Of course, in many cases there will be nothing we can do, except choose the option “Accept the risk and continue” to enter the web.

List of encryption and certificate errors in Firefox

Many of the security errors affect the website or service itself , and the user cannot solve the problem. In any case, thanks to the indicated code we obtain valuable information about it.

These are the most frequent error codes:

SSEC_ERROR_UNKNOWN_ISSUER

It is perhaps the most common error, Firefox tells us that it does not recognize the issuer of the certificate. Therefore, we must be careful if we enter anyway, since the list of trusted issuers is managed directly by the browser.

It is possible to mark an issuer as trusted, but it is still a solution that hides the problem without solving it.

NET::ERR_CERT_DATE_INVALID

It is very likely that the date or time of the operating system is not correct, and that is why Firefox considers that the date of the certificate is not valid, when it really is.

It is enough to correct the date and time of the system, even better would be to allow it to be automatically synchronized over the Internet.

ERR_CERT_SYMANTEC_LEGACY

In 2017 from Chrome, the certificates of Symantec and some subsidiaries (such as GeoTrust, Thawte or RapidSSL) were revoked because Google considered that the company was not guaranteeing security when issuing them.

There is nothing we can do about it, although the websites that have not corrected their certificates in these years are probably abandoned, and we must be very cautious when accessing them.

NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Firefox stopped accepting SHA-1 encryption for certificates in 2017, because it had been considered weak against hackers with sufficient computing power for more than ten years.

If we encounter this error in Firefox there is also nothing concrete we can do. Again, it will be a website that has not been updated for years, which we can visit if we need to, but it would be unwise to provide any personal data on it.

SEC_ERROR_EXPIRED_CERTIFICATE

This error tells Firefox that the certificate has expired, so it’s no longer valid, usually because the developers haven’t renewed it. Also in this case, for the user we have nothing to do.

A special situation in which we will see this error is the Let’s Encrypt DST Root CA X3 certificate that expired at the end of 2021. It was used by many older equipment that cannot always be updated: mobiles and tablets with Android 2.3.6 or iOS 9, computers with Windows XP SP3 or macOS 10.12 or the Nintendo 3DS and PlayStation 3 systems.

NET::ERR_CERT_AUTHORITY_INVALID

Here Firefox tells us that it does not recognize the certifying authority as trustworthy, something that can happen when it is created by the page itself instead of resorting to a specialized provider. Some public administrations issue their own certificates, which are safe in principle.

In this last case we can continue, but always making sure that we are on the official website and not on an imitation that supplants it (phishing).

ERROR_SELF_SIGNED_CERT

This security error tells us directly that we are dealing with a self-signed certificate, which Firefox does not accept as it is not on its list of trusted providers. If we really trust the website, we can still enter.

It is a process similar to using the Autofirma app with the Spanish administration, except that browsers trust only specialized entities, otherwise it would be impossible to keep a complete list of valid certificates.

Common solutions for a security error

There are some simple steps that can help us with a security error in Firefox, they do not guarantee success (it is almost always the fault of the website) , but they are worth trying if we want to solve the error instead of entering in an insecure way.

These are the possible solutions from the simplest to the most complex:

  1. Check that the time and date of the equipment is correct.
  2. Reload the web page.
  3. Disable your computer’s antivirus.
  4. If you use a VPN, temporarily disable it.
  5. Try changing the DNS of the device in case they are responsible.
  6. Sign in from your browser if you’re connecting to public WiFi.
  7. Avoid public WiFi.

Except in the case of date and time, the Firefox error won’t help us determine which solution is more appropriate , so it makes sense to start from the simplest to the most complex.

Access websites with invalid certificate

Firefox will discourage us from visiting any link with a security error, and will hide the way to do it, something that is prudent if we think that cybercrime continues to grow year after year.

Now, it really is possible to break into insecure websites , and a certificate problem doesn’t always mean they’re malicious. In any case, it is better not to enter personal data, as they will not travel properly encrypted.

Here are the steps to get in anyway:

  1. In the “Warning: potential security risk below” screen, press the button that indicates “Advanced…” :

Imagen - Se ha detectado un error de seguridad en Firefox: solución

  1. Now we will go further down the screen and touch “Accept the risk and continue” to enter:

Imagen - Se ha detectado un error de seguridad en Firefox: solución

  1. The web page will open normally, ignoring the error detected by Firefox.

Unfortunately, there is not always a solution to a security error in Firefox , sometimes we must resign ourselves to entering the site without encryption, or not accessing it to avoid risks to our personal data.