An old Firefox bug is letting scammers lock up people’s browsers
“The Windows desktop is using pirated software…This Windows desktop is hacked. We block this computer for your safety.” So reads part of a bogus, techno-gibberish alert that scammers are using to trick people into calling a “Windows support” hotline, reports news site Ars Technica. If users fail to call in five minutes, says the message, their entire computer will be locked up.
It won’t be, and it can’t be. But a years-old bug in the Firefox web browser allows scammers to lock up the browser itself, making the claims look credible. They take advantage of a function in Firefox to display a login pop-up window for a website. The popup can be triggered repeatedly, so that the only way to escape is to force-quit the browser—something the less-savvy users the scam targets may not know how to do.
The nonprofit Mozilla Foundation that makes Firefox thought it had closed the browser loophole in version 68 of the desktop app, released in July. But Jérôme Segura at security firm Malwarebytes found this week that scammers have bypassed the fix.
Mozilla issued a statement, saying it expects to issue a new fix in Firefox 71 or 72. That would mean either December 3 or January 7, according to the Firefox release schedule.
Since it’s a browser rather than an operating system hack, this scam appears on both Windows and Mac computers. If it, or something similar, befalls you, just force-quit the browser. In Windows, go to the Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously. In MacOS, press OPTION+COMMAND+ESC or click the Apple menu in the upper-left corner of the screen, then select the offending app.