Severity

Medium

Analysis Summary

A bug in Firefox can be triggered by sending a large amount of authorization confirmation prompts to the browser. According to BleepingComputer, this causes the visible page, in this case the scammer’s tech support page, to refuse to close. The victim’s only real choice (other than calling the scammers) is to use the Task Manager to terminate Firefox. The threat message the scammers use on their page indicates that the particular version of Windows the victim is running is pirated and has been locked, and that the system has been hacked and is spreading viruses over the Internet. The page claims that the system has been blocked for the victim’s safety. The report stated that even Chrome has been affected similarly in the past. One way to reach such a page could possibly be by visiting a fake ad link (the article suggested a fake eBay ad). 

Impact

Browser lock

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox

Indicators of Compromise

URL

http[:]//d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index[.]html

Remediation

Use Windows Task Manager to terminate the process associated with your browser.