Criminals exploiting zero-day Firefox flaw to display tech support scam

Firefox is hit by a zero-day vulnerability that is causing the browser to lock up on a fake tech support screen. ARS Technica writes fraudulent tech support websites are abusing the bug to display a warning message that your computer is running a pirated version of Windows. The message claims the computer will be disabled in five minutes and urges users to call to a toll-free number.

This browser lock attack works on both Windows and Mac and can be hard to get rid of. If you encounter it, you will need to force-close Firefox using the Windows task manager. If "restore tabs" is enabled, you'll need to close the offending tab as soon as possible when you re-open the browser. Alternatively, you can disable your network connection to prevent the site from loading again.

The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. (Update: as a commenter pointed out, restore tabs is turned off by default.) To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load.

Mozilla is working on a fix, which will be deployed in a future version of Firefox.