Hackers abused 11-year-old unpatched Firefox bug to trick users to visit malicious sites

  • Cybercriminals were spotted abusing an 11-year-old Firefox bug, which Mozilla has failed to fix since April 2007, to trap users on malicious sites.
  • The Firefox bug redirects victims to a malicious site with an iframe embedded in its source code, which results in authentication requests being made in a loop on the malicious site.

Over the past few years, cybercriminals have been tricking users into visiting malicious websites, but these criminals aren't using some new, never-before-seen trick. Instead, they have leveraged an unpatched Firefox bug to lure users to malicious sites with tech support scams, ad farms, fake gift vouchers, and malware-laced software updates.

If a victim tries to leave the page, the hackers operating the malicious site trigger an authentication request in a loop. Every time the victim rejects the request, another request is made and a new modal appears. This continues until the victim is forced to close the browser altogether or start a new browsing session. This is the result of the Firefox bug redirecting to a malicious site with an iframe embedded inside the source code.
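A defender-side way to spot the loop described above in web proxy logs, as an added example that is not from the original article. It assumes the login dialog is the browser's HTTP authentication prompt (a 401 response carrying a WWW-Authenticate header) and that the proxy records the request's Sec-Fetch-Dest value; the log format, hosts, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed proxy log (not from the article), in chronological order. Fields:
# timestamp client host status sec_fetch_dest www_authenticate_present
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 intranet.example 401 document yes
2024-01-01T10:00:00 10.0.0.9 files.example 401 iframe yes
2024-01-01T10:00:04 10.0.0.5 intranet.example 200 document no
2024-01-01T10:01:00 10.0.0.7 scam.example 401 iframe yes
2024-01-01T10:01:02 10.0.0.7 scam.example 401 iframe yes
2024-01-01T10:01:03 10.0.0.7 scam.example 401 iframe yes
2024-01-01T10:01:05 10.0.0.7 scam.example 401 iframe yes
2024-01-01T10:01:06 10.0.0.7 scam.example 401 iframe yes
2024-01-01T10:05:00 10.0.0.9 files.example 401 iframe yes
2024-01-01T10:10:00 10.0.0.9 files.example 401 iframe yes
2024-01-01T10:15:00 10.0.0.9 files.example 401 iframe yes
"""

THRESHOLD = 4                    # assumed: challenges needed to call it a loop
WINDOW = timedelta(seconds=30)   # assumed: sliding window for counting them


def find_auth_loops(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {(client, host): peak_count} for framed auth-challenge bursts."""
    recent = defaultdict(deque)  # (client, host) -> timestamps inside the window
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, client, host, status, dest, challenge = parts
        # Only auth challenges answered to a framed (iframe) request count.
        if status != "401" or challenge != "yes" or dest != "iframe":
            continue
        when = datetime.fromisoformat(ts)
        seen = recent[(client, host)]
        seen.append(when)
        while when - seen[0] > window:  # drop challenges older than the window
            seen.popleft()
        if len(seen) >= threshold:
            key = (client, host)
            flagged[key] = max(flagged.get(key, 0), len(seen))
    return flagged


if __name__ == "__main__":
    for (client, host), count in find_auth_loops(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {count} framed auth challenges in {WINDOW}")
```

A single top-level 401 (an ordinary login) and widely spaced challenges are ignored; only a rapid burst of challenges on iframe requests from one client to one host is reported.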

The latest report about the bug

The latest report about the bug came from a victim, who reported the issue on Saturday, December 8, 2018. The user reported that upon landing on one of these malicious sites, he was forced to install a suspicious Firefox extension.

  • The victim was presented with a pop-up ad window opened in full-screen mode, and found that pressing ‘ESC’ to exit full screen or close the window did not work.
  • When the user tried to close the login dialog box or click the ‘Cancel’ button, the dialog kept reappearing until the user killed the Firefox process.
  • The ‘Don’t allow’ button of the extension installation prompt also seemed non-clickable, the user added.

The bug remains unfixed for unknown reasons, despite being reported several times, leaving cybercriminals free to abuse it.