Rewterz Threat Alert – Scammers Abusing a New Firefox Browser Lock Bug

Tuesday, November 12, 2019

Severity

Medium

Analysis Summary

A bug in Firefox can be triggered by sending a large amount of authorization confirmation prompts to the browser. According to BleepingComputer, this causes the visible page, in this case the scammer’s tech support page, to refuse to close. The victim’s only real choice (other than calling the scammers) is to use the Task Manager to terminate Firefox. The threat message the scammers use on their page indicates that the particular version of Windows the victim is running is pirated and has been locked, and that the system has been hacked and is spreading viruses over the Internet. The page claims that the system has been blocked for the victim’s safety. The report stated that even Chrome has been affected similarly in the past. One way to reach such a page could possibly be by visiting a fake ad link (the article suggested a fake eBay ad). 

image-1573542935.png
attachment.cgi?id=9106303

Impact

Browser lock

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox

Indicators of Compromise

URL

http[:]//d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index[.]html

Remediation

Use Windows Task Manager to terminate the process associated with your browser.

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 6, December 2019 Rewterz Threat Advisory – CVE-2019-14899 – New Linux Vulnerability Inferring and hijacking VPN-tunneled TCP connections
  • 6, December 2019 Rewterz Threat Advisory – CVE-2019-18232 – ICS: Thales DIS SafeNet Sentinel LDK License Manager Runtime Privilege Escalation Vulnerability
  • 5, December 2019 Rewterz Threat Alert – “ZeroCleare” Targets Energy Sector in the Middle East
  • 5, December 2019 Rewterz Threat Alert – CStealer Trojan Targeting Chrome Passwords

Copyright © Rewterz. All rights reserved.