A new Firefox exploit locks you out of your browser

Written by Jennifer Allen

November 6, 2019 | 14:00

Tags: #browser #exploit #firefox #mozilla

Companies: #firefox #mozilla

Earlier in the week, a bug was reported for Firefox, and it's already been actively exploited by scammers.

The message suggests that victims are using a pirated copy of Windows and that 'the Windows registry key is illegal.' Victims are then told to contact Windows support by calling a US-based 1-888 number that, of course, isn't anything to do with Microsoft. 

It's a fairly easy-to-spot scam given it's a mess of a message full of broken English. There's also the fact that, well, none of it makes any sense whatsoever. However, it does lock you out of Firefox, requiring you to force-close the entire browser. Even then, Firefox will reopen previously open tabs and you're stuck, so you need to be quick off the ball to close the tab before it has time to reload or disconnect your network while you reopen the browser. It's all a bit of an irritant. 

Annoyingly, this is a bug that occurs even on a fully-updated version of Firefox, and it also afflicts Mac systems - although users of those certainly shouldn't worry about having an illegal copy of Windows installed!

According to Jérôme Segura, head of threat intelligence at security provider Malwarebytes, the Firefox bug is being exploited by several sites. He also pointed out that the offending code on the site was written specifically to target the browser flaw.

He's reported the bug and sure, bugs and exploits are not that unusual, but it's worth noting that Segura has previously reported a browser-lock bug that remains unfixed after two years since the report.

Still, as this one is being actively exploited right now, we'd expect a fix to be imminent. 

One of the problems here is that it means perfectly legitimate websites are getting caught up in this. An ArsTechnica commenter has noted issues simply going from Google to a Lifewire article - both sites that should be safe to use. 

In the meantime, this might be just the right time to try out a different browser. At least until things are fixed on Firefox's end. 

Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04