Tech support scammers exploit an old Firefox browser-locking bug

Fraudsters posing as technical support are actively exploiting an old browser-locking bug in Firefox to force victims to turn to them for “help”.

This is a bug in the browser, discovered three months ago, that affects stable builds of Firefox 70.x, beta 71.x and Nightly 72.x. Authentication prompt spam, also called login prompt spam, has been a problem for internet users for the last two decades.

Tech support scam sites have used this trick to trigger infinite loops of “Authentication Required” prompts that trap users on the site and prevent them from closing the tab or the browser.


Using this vulnerability, attackers can block the victim’s browser and display a fake notification about the need to contact technical support as soon as possible, otherwise the system will be turned off after 5 minutes. The victim cannot close the notification tab.


According to security researcher Jérôme Segura, scammers are using this bug to try to intimidate users.

“It looks like there’s a working browlock for Firefox using a technique that is new to me,” writes Jérôme Segura on Twitter.

To lock the browser, attackers trigger a large number of authentication prompts, since the browser places no limit on how many can be shown. The victim can regain control by ending the Firefox process in the Windows Task Manager.
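For defenders, a prompt flood of this kind can stand out in web proxy logs. The following is an added example, not code from the article or from Mozilla: it assumes each prompt corresponds to an HTTP 401 response recorded by a proxy, and the log format, host names, threshold and window are constructed for illustration.

```python
from collections import defaultdict, deque

def find_auth_prompt_floods(lines, threshold=10, window_s=5.0):
    """Return {(client, host): peak} for every client/host pair that received
    at least `threshold` HTTP 401 responses inside a `window_s`-second window.

    Assumed log format (constructed for this example, one record per line):
        <epoch_seconds> <client_ip> <host> <http_status>
    """
    recent = defaultdict(deque)   # (client, host) -> timestamps of recent 401s
    floods = {}
    for raw in lines:
        fields = raw.split()
        if len(fields) != 4 or raw.startswith("#"):
            continue              # skip comments and malformed records
        try:
            ts, status = float(fields[0]), int(fields[3])
        except ValueError:
            continue
        if status != 401:         # only "Authentication Required" responses
            continue
        key = (fields[1], fields[2])
        window = recent[key]
        window.append(ts)
        while ts - window[0] > window_s:   # drop 401s older than the window
            window.popleft()
        if len(window) >= threshold:
            floods[key] = max(floods.get(key, 0), len(window))
    return floods

def build_sample_log():
    """Constructed sample: one prompt flood and one ordinary login."""
    log = ["# constructed sample data, not real traffic"]
    # 40 challenges in under 4 seconds: far more than a user could answer
    log += [f"{1000 + i * 0.1:.1f} 10.0.0.5 lock-page.example 401" for i in range(40)]
    # normal behaviour: one challenge, a mistyped password, then success
    log += ["1000.0 10.0.0.9 intranet.example 401",
            "1012.0 10.0.0.9 intranet.example 401",
            "1020.0 10.0.0.9 intranet.example 200"]
    return log

if __name__ == "__main__":
    for (client, host), peak in find_auth_prompt_floods(build_sample_log()).items():
        print(f"{client} received {peak} auth challenges from {host} within 5 s")
```

The threshold separates machine-speed challenge bursts from a person retyping a password; tune it against normal traffic before alerting on it.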

The text of the notification displayed by cybercriminals is usually the following:

“Do not ignore this important warning. Stop and do not turn off your PC. Your computer’s registry key is locked. Why did we lock your computer? The Windows registry key is illegal. This Windows computer uses pirated software. This Windows PC sends viruses over the Internet. This Windows PC is hacked. We locked the computer for your safety. Please call us within 5 minutes, otherwise your computer will be turned off.”

Mozilla is currently working on a bug fix. Browser makers are in a constant fight to fix bugs and loopholes exploited by tech support scammer groups. Mozilla’s upcoming Firefox fix helps, but it won’t stop tech support scammers, who will just find another trick to exploit.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics
