Firefox users are being targeted by malicious sites that exploit a known bug to lock up the browser
Users of the Mac and Windows versions of Firefox are being targeted by malicious sites that display a fake warning message and then completely lock up the browser.
Hackers are taking advantage of a bug in Mozilla's web browser to tamper with the software and render it unusable without the need for user interaction. At the moment there is no fix, and the problem is wreaking havoc and causing distress.
See also:
- Mozilla is dropping support for sideloaded extensions in Firefox
- Release candidate of Chromium-based Microsoft Edge available to download now -- full launch coming January 15
- Chromium-based Microsoft Edge has a new logo. Is it enough to distance it from the horrors of Internet Explorer?
The bug has been reported to Mozilla by Malwarebytes' Jérôme Segura who warned that special-crafted JavaScript is being used to exploit the vulnerability. The problem tends to rear its head as a fake technical support website which warns the visitor that they are using a pirated copy of Windows.
As reported by Ars Technica, the warning message reads:
Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.
The site explains:
The only way to close the window to is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.
Mozilla is said to be working on a fix, but there is no indication of what progress has been made, or when a patch will be released.