This article was published on November 6, 2019

PSA: Scammers are exploiting a Firefox bug to lock users out of the browser


PSA: Scammers are exploiting a Firefox bug to lock users out of the browser

Firefox users are being targeted by malicious websites that display a fake warning message and then completely lock them out from using the browser.

Scammers have been found actively exploiting a bug in Firefox to trick unsuspecting people into believing that their computers have been hacked. What’s more, the attack urges users to call a fraudulent support line within five minutes to avoid having their systems disabled.

The poorly worded message, which has all the hallmarks of a scam, reads below:

Please stop and do not close the PC… The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety.

Mozilla seems to be already aware of the issue for about three months now and is actively working to resolve it. “Basic auth confirmation prompts can be abused for spamming users and stealing focus from the main [browser] window,” goes the description of the bug report.

The browser lock (or browlock) exploit, which affects both Windows and macOS versions, works by bombarding users with non-stop “authentication required” authorization prompts that prevent users from leaving or closing their browsers.

In this case, malicious sites — such as d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html — have been specifically programmed via JavaScript to take advantage of the flaw to spam users with endless popups.

It appears that, at least in one instance, the offending site was loaded upon clicking a harmless link, suggesting a form of URL hijacking attack.

To get around the problem, you will have to manually terminate the browser process via the Windows Task Manager or use the Force Quit feature in macOS. But there’s a catch: if you’ve turned the restore tabs option on, you’ll be stuck in a perptual loop, with the only option being disconnecting from the internet before opening the browser again.

It’s worth noting that Mozilla issued a fix for login prompt spam some 12 years after being reported starting with Firefox 68 back in July.

The fact that attackers have already devised an active workaround indicates that bad actors are constantly looking for ways to beat security defenses built into software to further their aims.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with