Karlston Posted November 5, 2019 Share Posted November 5, 2019 Actively exploited bug in fully updated Firefox is sending users into a tizzy Fraudulent tech-support sites cause Firefox to freeze while displaying scary message. Enlarge Jérôme Segura Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety. The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. Below is a GIF showing the attack flow: Jérôme Segura The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. (Update: as a commenter pointed out, restore tabs is turned off by default.) To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load. Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites, including d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html. He said the offending code on the site was written specifically to target the browser flaw. Enlarge Jérôme Segura On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn't immediately provide information on the status of the bug. Firefox is hardly alone in having bugs that cause the browsers to hang indefinitely while displaying a confusing or scary page. Chrome has had its share of similar flaws, which have also been exploited in the wild. Google developers have since fixed both of them. The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks. Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw. For many people, it's not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed. Source: Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica) Link to comment Share on other sites More sharing options...
frankl1n Posted November 5, 2019 Share Posted November 5, 2019 5 minutes ago, Karlston said: To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load. or......simply run your browser in a box....no worries. Link to comment Share on other sites More sharing options...
steven36 Posted November 5, 2019 Share Posted November 5, 2019 3 hours ago, frankl1n said: or......simply run your browser in a box....no worries. I tested the poc at github you can just use this addon Firefox Remove Redirect https://addons.mozilla.org/en-US/firefox/addon/remove-redirect/ NoRedirect addon in waterfox classic addons archive works for waterfox classic The way it traps it uses Redirects if you use one of the addons you can just close it with the red x it renders it useless, I seen this a few years back someone hijack a forum i visited with a script like this , old tricks new scam. Anyway Amazon' done removed the url so have you to use Evil Traps for Firefox poc that is the same bug they used. Evil traps also made one for Spam the user with notification permission prompts. Firefox is working on fix for this as well until then you can turn it off in Firefox current https://blog.mozilla.org/firefox/no-notifications/ In waterfox classic its Go into about:config and set dom.webnotifications.enabled to false The caveat is if use email or something with push in your browser it no longer give notifications but Firefox going to disable it default next year anyway because of abuse of it. Evil Traps been causing havoc with Firefox users for 12 years https://bugzilla.mozilla.org/show_bug.cgi?id=432687 Link to comment Share on other sites More sharing options...
steven36 Posted November 5, 2019 Share Posted November 5, 2019 Another way is just keep pushing Esc key several times in quick succession the only way to stop the prompt from reappearing over and over was to press the Esc key several times in quick succession. That stopped the page from reloading and regenerating the prompt so you could close out of it. https://support.mozilla.org/en-US/questions/1142783 This works well saves you from having open your system monitor to close the process out if you get hijacked . I would tell people to use no script blocking JavaScript works but more and more sites need it to work. If cloudflare is checking the page you have too enable to get by . One site that i download tv shows from is a pain they use blockadblock with cloudflare i have disable the JavaScript to get by when there checking and set a 1st party cookie then block the script back to kill blockadblock then im good tell i close my browser. Link to comment Share on other sites More sharing options...
zanderthunder Posted November 6, 2019 Share Posted November 6, 2019 That's why I'm ditching Firefox, had some issues with it. Link to comment Share on other sites More sharing options...
plb4333 Posted November 6, 2019 Share Posted November 6, 2019 1 hour ago, Edward Raja said: That's why I'm ditching Firefox, had some issues with it. Silly. All the browsers have issues, and security related as well. But for Firefox, its way ahead of the pack when it comes to privacy and security. I wouldn't jump so quick Link to comment Share on other sites More sharing options...
zanderthunder Posted November 6, 2019 Share Posted November 6, 2019 2 minutes ago, plb4333 said: Silly. All the browsers have issues, and security related as well. But for Firefox, its way ahead of the pack when it comes to privacy and security. I wouldn't jump so quick But then, Firefox has notorious memory leak that sometimes I can't browse well (even with minimal app running on the background). Adding with new bug, well I had to stop using it until it is okay for me to use it. Link to comment Share on other sites More sharing options...
steven36 Posted November 6, 2019 Share Posted November 6, 2019 13 hours ago, Edward Raja said: That's why I'm ditching Firefox, had some issues with it. Before you said you didn't use Firefox because it uses too much CPU when idle , make up your mind ! I only ran across one scam site like this in all my years of using Firefox . I been using before they made Google Chrome even, Firefox v2 . Chrome has more security issues than Firefox does this here is not security issue unless your stupid enough to believe everything you read and fill out a fake forum . 12 hours ago, Edward Raja said: But then, Firefox has notorious memory leak that sometimes I can't browse well (even with minimal app running on the background). Adding with new bug, well I had to stop using it until it is okay for me to use it. You need to buy a better system then because i keep apps running in the background all the time vpn , email app and download manger downloading only time i had a problem i had a issues with Firefox Leaking Memory i was using to much addons and the addons causes memory leaks . Chrome has the same problem with Memory Leaks . Why Chrome Uses So Much Freaking RAM https://lifehacker.com/why-chrome-uses-so-much-freaking-ram-1702537477 The reason browsers use so much Ram now is because they use to all be x86 browsers now people use x64 browsers witch use lots of ram were x86 browsers couldn't . Link to comment Share on other sites More sharing options...
zanderthunder Posted November 6, 2019 Share Posted November 6, 2019 3 minutes ago, steven36 said: You need to buy a better system Unless I have more money on buying a new one, I stick to what I have. Link to comment Share on other sites More sharing options...
steven36 Posted November 6, 2019 Share Posted November 6, 2019 1 hour ago, Edward Raja said: Unless I have more money on buying a new one, I stick to what I have. I know how that is I ran Windows 7 back in the day on 1st Gen Atom 2 Gb of Ram but if you dont have much Ram and you run a Memory hog like Windows 10 then its going to make browsing annoying . browsers have become ram hogs because they switch to x64 and Windows have became bloatware too. But just because you have such bugs that dont mean we all do I dont even use bloated Windows 10 . Firefox current is my default browser on Windows 8.1 but its not like I use windows very often anymore . On windows you can use and x86 browser still if it too much of a problem . On Linux we had x64 browsers for years before they came to Windows . And most Linux Distros are removing x86 support except for apps people need that they dont make x64 for and on Linux thats just a handful of apps 99% of everything is x64 apps . Luckily Linux is not a ram hog like Windows .But Linux has ram bugs too but there working on ways to fix it But by default it uses less ram so apps that require 2 times as much on Windows run good with Linux with very little ram. On Windows they not working on a fix everyone says buy a ssd , more ram or a better chip or all the above. Still really old systems before they had much ram if you put Linux on it new browsers will be the biggest problem i tested it before on a old XP box i have . They bring your old system to its knees . That's the nature of the beast and its just going to get worse. The second major issue hardware issue looms a little further over the horizon, Torvalds said. Moore’s Law has guaranteed a doubling of hardware performance every 18 months for decades. But as processor vendors approach the limits of Moore’s Law, many developers will need to reoptimize their code to continue achieving increased performance. In many cases, that requirement will be a shock to many development teams that have counted on those performance improvements to make up for inefficient coding processes, he said. https://devops.com/linus-torvalds-sees-lots-of-hardware-headaches-ahead/ They make apps on the fact processors improve there performance every 18 months if you dont buy a new processor every so often you are left behind with slow running apps well thats going to catch up with them soon and crappy coded apps like browsers, web apps and electron will have to improve there code or be left behind . Windows 10 was a big disaster with this they gave it away free and try too push every one on it too fast many users with old hardware who's systems ran fine with Windows 7 and 8.1 . It happen before when they made Vista the big difference was they did not try to push people on Vista and Windows XP it got 14 years of life and people who bought better hardware moved to Windows 7 and latter some bought hardware with Windows 8.1. If you use Windows 10 your best bet is to buy a PC with Windows 10. 🤣 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.