Scammers for Tech Support Unpatched Firefox Bug

Mozilla works to fix a Firefox vulnerability used by tech support scammers to block a browser when users visit specially crafted websites.

Jérôme Segura of Malwarebytes, who told SecurityWeek that two known Firefox bugs were now abused in tech support scams, reportedly reported attacks recently.

Use only requires users to visit websites created by cybercrooks. These sites display warnings and instruct victims to call a given number “Windows support.”

Segura informed Mozilla about a bug with bug ID 1438214, two years ago, when scammers against Chrome users exploited a very similar flaw. The fault allows an attacker to freeze your browser by using the download blob API so that all CPU resources are consumed.

Recently, the author decided to review this error and find it remained unfixed. He also identified a new bug, which was also used by technology support scammers.

“The newer bug is constantly asking users for the same authorization to abuse notifications,” Segura told SecurityWeek, explaining that this flaw seems to be a modification of an authentication pop-up that was exploited for years and that has already been remedied.

Based on the new Segura bug report, Mozilla has been informed of this problem for a period of at least three months— Mozilla developers have flagged Segura’s report as a duplicate— but a fix has yet to be released.

Mozilla did not answer SecurityWeek’s comment request but based on discussions in the bug reports, a patch in Firefox 71, scheduled to be released on 3 December, is expected.

Until a patch is provided, users who encounter scam sites can close Firefox from Windows ‘ Task Manager or use the Force Quit option on macOS — the bug affects Firefox on Windows and macOS.