Jump to content
Sign in to follow this  
Karlston

Actively exploited bug in fully updated Firefox is sending users into a tizzy

Recommended Posts

Karlston

Actively exploited bug in fully updated Firefox is sending users into a tizzy

Fraudulent tech-support sites cause Firefox to freeze while displaying scary message.

Actively exploited bug in fully updated Firefox is sending users into a tizzy
Jérôme Segura

Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked.

 

The message, which appears without any user interaction upon visiting a site, reads:

Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.

The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. Below is a GIF showing the attack flow:

firefox-locker.gif
Jérôme Segura

The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. (Update: as a commenter pointed out, restore tabs is turned off by default.) To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.

 

Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites, including d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html. He said the offending code on the site was written specifically to target the browser flaw.

firefox-browlock-exploit-640x117.png
Jérôme Segura

On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn't immediately provide information on the status of the bug.

 

Firefox is hardly alone in having bugs that cause the browsers to hang indefinitely while displaying a confusing or scary page. Chrome has had its share of similar flaws, which have also been exploited in the wild. Google developers have since fixed both of them.

 

The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks.

 

Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw.

 

For many people, it's not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed.

 

 

Source: Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica)  

Share this post


Link to post
Share on other sites
frankl1n
5 minutes ago, Karlston said:

To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.

or......simply run your browser in a box....no worries.

Share this post


Link to post
Share on other sites
steven36
3 hours ago, frankl1n said:

or......simply run your browser in a box....no worries.

I tested the poc at github you can just use this addon   Firefox Remove Redirect

https://addons.mozilla.org/en-US/firefox/addon/remove-redirect/

 

NoRedirect  addon in waterfox classic addons archive works for waterfox classic

 

The way it traps it uses Redirects  if you use one of the addons  you can just close it with the red x it renders it useless, :idea:

 

I seen this  a few years back  someone hijack a forum i visited with a script like  this , old tricks new scam. Anyway Amazon' done removed the url  so have you to use Evil Traps for Firefox poc that is the same bug they used.

 

Evil traps  also made one for Spam the user with notification permission prompts.

 

Firefox  is working on fix for this as well until then you can turn it off  in Firefox current

https://blog.mozilla.org/firefox/no-notifications/

 

In waterfox classic its

 

Go into about:config and set dom.webnotifications.enabled to false
 
The caveat is if use email or something with push in your browser  it no longer give notifications but Firefox going to disable it default next year anyway because of abuse of it.
 
Evil Traps been causing havoc with Firefox users  for  12 years
Edited by steven36

Share this post


Link to post
Share on other sites
steven36

Another  way is just  keep pushing  Esc key several times in quick succession

 

the only way to stop the prompt from reappearing over and over was to press the Esc key several times in quick succession. That stopped the page from reloading and regenerating the prompt so you could close out of it.

https://support.mozilla.org/en-US/questions/1142783

 

This works well  saves you from having open your system monitor to close the process out  if you get hijacked . 

 

I would tell people to use no script blocking JavaScript works  but more and more sites need it to work. If cloudflare is checking the page you have too enable to get by . One site  that i download tv shows from is a pain they use blockadblock with cloudflare i have disable the JavaScript to get by when there checking and set a 1st party cookie then block the script back to kill blockadblock then im good  tell i close my browser. :lmao:

Edited by steven36

Share this post


Link to post
Share on other sites
plb4333
1 hour ago, Edward Raja said:

That's why I'm ditching Firefox, had some issues with it.

Silly. All the browsers have issues, and security related as well. But for Firefox, its way ahead of the pack when it comes to privacy and security. I wouldn't jump so quick

Share this post


Link to post
Share on other sites
zanderthunder
2 minutes ago, plb4333 said:

Silly. All the browsers have issues, and security related as well. But for Firefox, its way ahead of the pack when it comes to privacy and security. I wouldn't jump so quick

But then, Firefox has notorious memory leak that sometimes I can't browse well (even with minimal app running on the background). Adding with new bug, well I had to stop using it until it is okay for me to use it.

Share this post


Link to post
Share on other sites
steven36
13 hours ago, Edward Raja said:

That's why I'm ditching Firefox, had some issues with it.

Before you said you didn't use  Firefox because  it uses too much CPU  when idle ,  make up your mind !:rofl:

I only ran across one scam site like this in all my years of using Firefox  . I been using before they made Google Chrome even,  Firefox v2    .  Chrome has more security issues than Firefox does this here is not  security issue unless your stupid enough to believe everything  you read and  fill out a fake forum .

 

12 hours ago, Edward Raja said:

But then, Firefox has notorious memory leak that sometimes I can't browse well (even with minimal app running on the background). Adding with new bug, well I had to stop using it until it is okay for me to use it.

You need to buy a  better system then  because  i keep apps running in the background  all the time  vpn  , email app and download manger downloading  only time  i had a problem i had a issues with Firefox Leaking  Memory i was using to much addons and the addons causes memory leaks .

 

Chrome has  the same problem with Memory Leaks .

 

Why Chrome Uses So Much Freaking RAM

https://lifehacker.com/why-chrome-uses-so-much-freaking-ram-1702537477

 

The reason browsers use so much Ram now is because they use to all be x86 browsers   now people use x64 browsers witch use lots of ram were x86 browsers couldn't .:lmao:

Edited by steven36

Share this post


Link to post
Share on other sites
zanderthunder
3 minutes ago, steven36 said:

You need to buy a  better system

Unless I have more money on buying a new one, I stick to what I have.

Share this post


Link to post
Share on other sites
steven36
1 hour ago, Edward Raja said:

Unless I have more money on buying a new one, I stick to what I have.

I know how that is  I ran Windows 7 back in the day on 1st Gen Atom 2 Gb of Ram   but  if you dont have much Ram and you run a Memory  hog like Windows 10 then  its going to make browsing annoying .  browsers have become  ram hogs because they switch to x64 and Windows have became bloatware  too.   But  just because you have such bugs that  dont mean we all do I dont even use bloated Windows 10 . Firefox  current is my default browser on Windows 8.1 but its not like I use windows very often anymore . On windows you can use and x86 browser  still if it too much of a problem . On Linux we had x64 browsers for years before they came to Windows .  And  most Linux Distros  are removing x86 support except for apps  people need  that they dont make x64 for and on Linux thats just a handful of apps 99% of everything is x64 apps .

 

Luckily Linux is not a ram hog like Windows .But Linux has  ram bugs too but there working on ways to fix it But by default it uses less ram  so apps that require 2 times as much on Windows run good with Linux with  very little ram. On Windows  they not working on a fix  everyone  says buy a ssd , more ram or a better chip or all the above.  Still  really old systems before  they had much ram  if you put Linux  on it  new browsers will be the biggest problem i tested it before on a old XP box i have . They bring your old system to its knees .   That's the nature of the beast  and its just going to get worse.

 

The second major issue hardware issue looms a little further over the horizon, Torvalds said. Moore’s Law has guaranteed a doubling of hardware performance every 18 months for decades. But as processor vendors approach the limits of Moore’s Law, many developers will need to reoptimize their code to continue achieving increased performance. In many cases, that requirement will be a shock to many development teams that have counted on those performance improvements to make up for inefficient coding processes, he said.

https://devops.com/linus-torvalds-sees-lots-of-hardware-headaches-ahead/

 

They make apps  on the fact processors  improve  there performance every 18 months  if you dont buy a new processor every so often you are left behind with slow running apps well thats going to catch up with them soon and crappy coded  apps like browsers,  web apps  and electron will have to improve there code or be left behind .

 

Windows 10 was a big disaster  with this they gave it away free and try too push every one on it  too fast  many users with old hardware who's systems ran fine with Windows 7 and 8.1 .  It happen before when they made Vista the big difference was they did not try to push people on Vista and Windows XP it got 14 years of life  and people who bought better hardware moved to Windows 7 and latter some bought hardware with Windows 8.1. If you use Windows 10 your best bet is to buy a PC with Windows 10.

🤣

Edited by steven36

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...