Firefox: No-exit browser scammers want you to call bogus support

The attack works on both Windows and Mac versions. Upset by a flood of continuous authentication-required prompts, a user might try to leave the warning page; not possible, or may try to close it; forget about it.

The Firefox bug fools users to think their computers have been hacked. Then victim users who believe this is all happening for real are tricked to call the bogus support line. It is as if Borat is talking which should possibly give people a hint this is all a dupe.

"Please stop and do not close the PC...The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety."

(A reader comment in Ars Technica: "There is a theory that all the bad grammar and spelling mistakes in many scams are deliberate too. Because it weeds out the skeptical. Scammers don't want to waste time with savvy, smart or skeptical people.")

Well, observers agreed that victims falling for the information as genuine fell into the category of victims of tech support scams through the years.

Another reader's comment, this time on ExtremeTech: "...this has been common practice for scammers for over three years...This is not just a Firefox issue. It's scammers taking advantage of advertisements. They load a specific javascript code into their hosted ad that people are unlucky enough to have loaded when they visit a webpage and thus, locked browser. This happens in all browsers."

Jonathan Lamont in MobilSyrup.com offered advice. "The best thing to do in these circumstances is to remain calm and not react suddenly to what's happening...Typically, these scams want to frighten users into handing over valuable information or money." Dan Goodin in Ars Technica: "Whatever else people may do, they should never call the phone number displayed."

Ravie Lakshmanan in TNW: Terminate the browser process via the Windows Task Manager or use the Force Quit feature in macOS. It's possibly messy, however, for "if you've turned the restore tabs option on," said Lakshmanan, "you'll be stuck in a perpetual loop, with the only option being disconnecting from the internet before opening the browser again."

Forcibly closing Firefox and restarting it may be enough, provided the browser isn't set to reopen previously closed tabs, said JC Torres in SlashGear.

Back in April, though, Catalin Cimpanu in ZDNet reported Firefox was to add protection against the login prompt spam.

"Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -usually tech support scam sites- from flooding users with non-stop 'authentication required' login popups and prevent users from leaving or closing their browsers. The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July."

Goodin had more about this: "Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks. Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw."

Goodin was referring to Jérôme Segura at Malwarebytes.

"Jérôme Segura, head of Threat Intelligence at Malwarebytes, this week found that tech-support scammers have found a bypass for Mozilla's fix, allowing them to use the same tactics to con victims." said Cimpanu in ZDNet. Segura said this time the "browlock" was using a technique that was "new to me."

What's next? Mozilla is reportedly working on a fix.

Sergiu Gatlan in BleepingComputer explained what was going on this time around. How does the bug allow crooks to lock the browser? "This is done by spamming them [targets] with a large amount of authorization confirmation prompts because there is no rate limiting to prevent it and by stealing focus from the main page."

Gatlan recalled some techniques used in past blocks and tech support scams: "In December 2018, JavaScript was used by crooks to create an inescapable loop that would claim all CPU resources thus making it impossible for users to close the tab, the web browser, and even their computer without killing Chrome's process.

Website search

Recently updated

ACT Key Crack Plus Keygen ACT Key Crack & Activation Code Recover passwords for ACT! files
OneNote Password Recovery Key Crack + Activator Download 2020 OneNote Password Recovery Key Crack + Serial Number A password recovery tool that is designed to retrieve passphrases for MS OneNote files by using a combination of various attacks
P2 Commander Crack + Activator Download P2 Commander Crack With License Key 2020 A reliable and effective solution that helps you to perform comprehensive digital forensic examinations and deleted data recovery

Software News

Jul 2
NOVID, a contact tracing app that anonymously traces users' exposure to COVID-19, is the first such app in the world to demonstrate the distance accuracy required to perform contact tracing without significant false positives. ...
Jul 1
The technology company Red Hat said Tuesday that it would take measures to remove contentious terms like "master/slave" from its source code and other areas, in an effort to make its products more inclusive.
Jun 30
It's hard to believe in this age of computer viruses, phishing attacks, ransomware, trojan horses, denial-of-service attacks and keystroke logging that there was once a time before the Internet when just about the only worry ...
Jun 29
Cybersickness, or motion sickness during the use of virtual reality, can be a major roadblock to the development and adoption of augmented and virtual reality technology. Now researchers at UTSA have built GingerVR, the first ...
Jun 24
The UK's coronavirus contact tracing app has been kicked into the long grass, with the government now saying it isn't a priority and may not be ready until winter. The app-which has so far cost nearly £12 million - was ...
Jun 23
Sword fights are often the weak link in virtual reality (VR) fighting games, with digital avatars engaging in battle using imprecise, pre-recorded movements that barely reflect the player's actions or intentions. Now a team ...
Jun 23
As players embark on the third season of "Fortnite" launching last week, some players have noticed the absence of police cars.

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.