Scammers are taking advantage of a flaw in the most recent version of Firefox — release 70 — that can lock up the browser while displaying a frightening message.
According to an Ars Technica report, the exploit allows malicious sites to freeze the browser completely. Users can’t exit tabs or close the browser through normal means. When the lockdown happens, the browser displays a message warning users that they’re using a pirated version of Windows. The full message is as follows:
“Please stop and do not close the PC… The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.”
The exploit requires no interaction from users and happens upon visiting a site. Further, it warns users to call a toll-free number within the next five minutes, or their computer will be disabled.
The attack works on both Windows and Mac versions of Firefox. If you’re hit with the exploit, the only way around it is to force close the browser through either Windows Task Manager or the ‘Force Quit’ function in macOS.
When Firefox doesn’t shut down properly, it attempts to restore the open tabs next time you open it. This can catch users in an endless loop unless they have disabled the restore tabs option. Alternatively, they can open Firefox and quickly close the offending tab before it loads, or temporarily disconnect from the internet when relaunching the browser.
A fix is in the works
Jérôme Segura, head of threat intelligence at Malwarebytes, told Ars that several sites have taken advantage of the flaw using code specifically designed to exploit it.
Segura filed a report on the Bugzilla forum, Mozilla’s bug tracking site. Since then, the company behind Firefox said it was working on a fix. Further, Mozilla told Ars in a statement that users should expect the fix “to land in the next couple of releases (either in Firefox 71 or 72).”
Segura’s bug report included a GIF showing the malicious attack in action.
Unfortunately, these kinds of attacks aren’t new, and they’re not exclusive to Firefox. Google Chrome also had these kinds of exploits, which take advantage of authentication pop-ups to lock browsers and display scary messages.
Segura told Ars that he’s aware of a separate, similar Firefox exploit that hasn’t been fixed some two years after its discovery. However, he noted that he hadn’t seen it actively used in recent attacks.
For most users, it can be frightening when a browser locks up, especially when it displays a deceptive message like the one in this attack. The best thing to do in these circumstances is to remain calm and not react suddenly to what’s happening. It’s also probably wise to not contact phone numbers or emails included in pop-ups, as they can be part of the scam. Typically, these scams want to frighten users into handing over valuable information or money.
Ultimately, if you encounter one of these situations, the best thing to do is quit the browser. On Windows, you can use the Task Manager (accessible through ‘Control’ + ‘Alt’ + ‘Delete’) or hit ‘Alt’ + ‘F4’ on the keyboard to close the program. On Mac, pressing ‘Command’ + ‘Q’ or clicking the name of the program in the top left corner and selecting ‘Force Quit’ should work as well.