Nasty Firefox Bug enables scammers to PRETEND that your machine is locked up

Forumite Members General Topics Tech Website and Hosting Talk Nasty Firefox Bug enables scammers to PRETEND that your machine is locked up

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • November 6, 2019 at 2:02 pm #38034
    Ed PEd P
    Participant
      @edps
      Forumite Points: 39

      Details in Ars, this only affects fully updated FireFox across all platforms, but as Firefox now stupidly forces updates this means most users!

      November 6, 2019 at 4:35 pm #38036
      Ed PEd P
      Participant
        @edps
        Forumite Points: 39

        Update – Mozilla has hurriedly fixed the bug and tells users to update asap to 39.0.3 (70.0.1 for 64bit) or in Linux to ESR 38.1.1 (tough if you have to wait for Mint’s normally slow response). In the unlikely event you get attacked by visiting Russian/Ukrainian sites then just do the usual shutdown/restart of your system.

        Pi has its own problems too as the Android port has to be done first.

        November 6, 2019 at 4:45 pm #38039
        Bob WilliamsBob Williams
        Participant
          @bullstuff2
          Forumite Points: 0
          Ed P wrote:

          Update – Mozilla has hurriedly fixed the bug and tells users to update asap to 39.0.3 or in Linux to ESR 38.1.1 (tough if you have to wait for Mint’s normally slow response). In the unlikely event you get attacked by visiting Russian/Ukrainian sites then just do the usual shutdown/restart of your system. Pi has its own problems too as the Android port has to be done first.

          Ed, my FF is 64 bit and last updated yesterday to 70.0.1. I don’t know where 39.0.3 comes from.

          When the Thought Police arrive at your door, think -
          I'm out.

          November 6, 2019 at 6:59 pm #38047
          Ed PEd P
          Participant
            @edps
            Forumite Points: 39

            You perhaps saw my post before I added the 64bit info. In fact I was wrong, we may have to wait for 70.0.2. or 71.x.x as the release notes for 70.0.1 are unclear to me.

            In point of fact if you use Russian/Ukrainian sites and become infected you should disconnect from the internet before rebooting and relaunching Firefox then close the offending Tab otherwise the naggered page will reload. After this you may then connect to the Internet.

            [edit] the Ars article Comments has more detail/advice.

            November 6, 2019 at 7:11 pm #38049
            Ed PEd P
            Participant
              @edps
              Forumite Points: 39

              It has spread beyond Russia/Ukraine and is now in the wild.

               

              November 6, 2019 at 10:11 pm #38052
              Mark TurnerMark Turner
              Participant
                @turner74
                Forumite Points: 12

                I’m on 71.0b7 on the beta update channel that was released on the 21st of October there are no further updates so it can’t have been fixed can it? Or is the bug that old

                November 7, 2019 at 6:37 am #38053
                Ed PEd P
                Participant
                  @edps
                  Forumite Points: 39

                  Mark, it is unclear to me, but it may well be an old bug, at least I get that impression from reading the Ars comments.

                  I would say that your relatively old beta actually has the bug, as if you dig into the Mozilla bug reports they say it was in 71 and are talking about stomping on the bug in 72. I suggest you log into the comments on your beta account and see what they say.

                • Author
                  Posts
                Viewing 7 posts - 1 through 7 (of 7 total)
                • You must be logged in to reply to this topic.