Firefox exploit lets scammers freeze browser, show users scary message

Scammers are taking advantage of a flaw in the almost recent version of Firefox — release seventy — that can lock up the browser while displaying a frightening message.

Co-ordinate to an Ars Technica written report, the exploit allows malicious sites to freeze the browser completely. Users can't exit tabs or close the browser through normal ways. When the lock-downwards happens, the browser displays a message warning users that they're using a pirated version of Windows. The full message is as follows:

"Please finish and do not close the PC… The registry central of your computer is locked. Why did nosotros block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. Nosotros block this reckoner for your safe."

The exploit requires no interaction from users and happens upon visiting a site. Further, it warns users to call a price-free number within the next 5 minutes, or their estimator will exist disabled.

The set on works on both Windows and Mac versions of Firefox. If you're striking with the exploit, the only way effectually information technology is to strength close the browser through either Windows Task Manager or the 'Forcefulness Shut' function in macOS.

When Firefox doesn't shut down properly, it attempts to restore the open up tabs adjacent fourth dimension you lot open up it. This can catch users in an endless loop unless they have disabled the restore tabs option. Alternatively, they can open Firefox and quickly close the offending tab before it loads, or temporarily disconnect from the internet when relaunching the browser.

A ready is in the works

Jérôme Segura, head of threat intelligence at Malwarebytes, told Ars that several sites have taken advantage of the flaw using code specifically designed to exploit it.

Segura filed a report on the Bugzilla forum, Mozilla'due south bug tracking site. Since and so, the company behind Firefox said it was working on a set up. Further, Mozilla told Ars in a argument that users should expect the set up "to land in the side by side couple of releases (either in Firefox 71 or 72)."

Segura's bug study included a GIF showing the malicious set on in activity.

Unfortunately, these kinds of attacks aren't new, and they're not exclusive to Firefox. Google Chrome also had these kinds of exploits, which take reward of authentication pop-ups, to lock browsers and display scary letters.

Segura told Ars that he'south aware of a separate, similar Firefox exploit that hasn't been fixed some two years after its discovery. Yet, he noted that he hadn't seen it actively used in recent attacks.

For about users, information technology can exist frightening when a browser locks upward, peculiarly when it displays a deceptive bulletin like the ane in this attack. The all-time matter to do in these circumstances is to remain at-home and not react of a sudden to what'due south happening. It's also probably wise to not contact telephone numbers or emails included in pop-ups, as they tin exist part of the scam. Typically, these scams want to frighten users into handing over valuable information or money.

Ultimately, if you encounter one of these situations, the best thing to do is quit the browser. On Windows, yous can use the Task Managing director (accessible through 'Control' + 'Alt' + 'Delete') or by hitting 'Alt' + 'F4' on the keyboard to close the programme. On Mac, 'Command' + 'Q' or clicking the name of the program in the height left corner and selecting 'Force Quit' should work equally well.

Source: Bugzilla Via: Ars Technica