Actively Exploited Bug in Fully Updated Firefox

[upnorth]

Content source

https://arstechnica.com/information-technology/2019/11/scammers-are-exploiting-an-unpatched-firefox-bug-to-send-users-into-a-panic/

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked.

The message reads : Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety. The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled.

Spoiler

The attack works on both Windows and Mac versions of the open source browser. The only way to close the window to is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.

Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites. On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn't immediately provide information on the status of the bug.

 

[zzz00m]

So I wonder how many Mac users will fall for "This Windows desktop is hacked. "

 

[ForgottenSeer 823865]

So I wonder how many Mac users will fall for "This Windows desktop is hacked. "

i hope they changed the OS name accordingly lol.

 

[shmu26]

Okay, so it's an annoying bug, but not a severe one.

 

[blackice]

For security Chrome is just the easiest to use. But I have a soft spot for Firefox. I’ve used it on and off since the beginning. They are doing good things.

 

[ForgottenSeer 823865]

i used to like FF because you could customize its appearance quite a lot. Now, i prefer Chromium browsers because they are just safer thanks "big wallet" for the bug bounty programs. FF can't even compete with that.
Now i look closely at Chromedge because it aim to unify the best of Chromium and MS security.

 

[DeepWeb]

News sites are fear mongering. I don't know anyone who has ever run into one of these exploits.

 

[Stas]

It's easy to unlock if you block internet.

 

[upnorth]

I tested the PoC. The bug does work but, it's easy to kill and the developers are working on a fix.

Whatever else people may do, they should never call the phone number displayed.