
Hackers abused 11-year-old unpatched Firefox bug to trick users to visit malicious sites

  • Cybercriminals were spotted abusing an 11-year-old Firefox bug, which Mozilla has failed to fix since it was reported in April 2007, to trap users on malicious sites.
  • The Firefox bug is triggered when a victim is redirected to a malicious site with an iframe embedded in its source code; the iframe causes authentication requests to be made in a loop on the malicious site.

Over the past few years, cybercriminals have been tricking users into visiting malicious websites, but these criminals aren't using some new, never-before-seen trick. Instead, they leveraged an unpatched Firefox bug to keep users on malicious sites serving tech support scams, ad farms, fake gift vouchers, and malware-laced software updates.

If a victim tried to leave the page, the hackers operating the malicious sites triggered an authentication request in a loop. Every time the victim rejected the request, another request was made and a new modal dialog appeared. This continued until the victim was forced to close the browser altogether or start a new browsing session. This is the result of the Firefox bug: the victim is redirected to a malicious site with an iframe embedded in its source code, and that iframe keeps re-issuing the authentication challenge.
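As an added example that is not part of the original article, the following script shows how a defender could spot the looping behaviour described above in web proxy logs: one client receiving a burst of 401 challenges from the same host. The log format, hostnames and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (not from the article), one request per line:
# "<ISO timestamp> <client ip> <HTTP status> <host> <path> <auth scheme or ->"
SAMPLE_LOG = """\
2018-12-08T10:00:00 10.0.0.5 200 news.example /story.html -
2018-12-08T10:00:01 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:00:02 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:00:03 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:00:04 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:00:05 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:00:06 10.0.0.5 401 scam-frame.example /login Basic
2018-12-08T10:05:00 10.0.0.9 401 intranet.example /wiki Basic
2018-12-08T10:05:20 10.0.0.9 200 intranet.example /wiki -
"""

def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, client, status, host, path, auth = line.split()
    return datetime.fromisoformat(ts), client, int(status), host, path, auth

def find_auth_loops(log_text, threshold=5, window_seconds=30):
    """Return {(client, host): burst_size} for every client that received at
    least `threshold` 401 responses carrying an auth challenge from one host
    within `window_seconds`. A normal single prompt (one 401, then a 200 once
    the user logs in) never reaches the threshold and is ignored."""
    challenges = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, status, host, _path, auth = parse_line(line)
        if status == 401 and auth != "-":
            challenges[(client, host)].append(ts)
    flagged = {}
    for key, times in challenges.items():
        times.sort()
        start = 0  # sliding window over the sorted challenge timestamps
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            burst = end - start + 1
            if burst >= threshold:
                flagged[key] = max(flagged.get(key, 0), burst)
    return flagged

if __name__ == "__main__":
    for (client, host), n in find_auth_loops(SAMPLE_LOG).items():
        print(f"{client} received {n} auth challenges from {host} in one window")
```

The threshold and window are tuning knobs; a legitimate intranet prompt produces one or two challenges, while the looping page produces one per dismissed dialog.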

The latest report against the bug

The latest report about the bug came from a victim who reported the issue on Saturday, December 8, 2018. The user reported that upon landing on one of these malicious sites, he was pressured into installing a suspicious Firefox extension.

  • A pop-up ad window opened in full-screen mode; when the victim pressed ‘ESC’ to exit full screen or tried to close the window, neither worked.
  • When the user tried to close the login dialog box or clicked the ‘Cancel’ button, the dialog kept reappearing until the user killed the Firefox process.
  • The ‘Don’t allow’ button on the extension installation prompt also appeared non-clickable, the user added.

The bug remains unfixed for unknown reasons, despite being reported several times, leaving cybercriminals free to abuse it.
