. Whenever you get a message / popup that software / files need to be updated;

DO NOT USE ANY OF THE PROVIDED LINKS

While this may be a legitimate message, it could also be Malware or a Virus. Any time you want or need to check for upgrades, go to the website of the True Owner of the program in question. For example, to check out Firefox, go to https://www.mozilla.org {web link}

You can also report such a site at; Google Report Phishing Page {web link} which is the same when done while on site by going to Help > Report Web Forgery

Help us safeguard Mozilla’s trademarks by reporting misuse {web link}

To actually answer the question.

Firefox 47.0 is the current Release.

Firefox updates whether for Windows, Mac OSX or Linux are done internally in Firefox itself (with a .mar file) and by download from say www.mozilla.org/firefox/all/

There is no such thing as Firefox update patches .exe from random sites as scammers have been using this tactic in last few years to try and trick inexperienced Windows and or Firefox users into downloading and infecting their Windows if they run the said .exe

Thanks to all I thought that was the answer but the down load seemed so offical I am so glad I asked Genehaber

Today, July 4, 2016, my browsing session was interrupted by a screen in screaming orange, with Firefox logo in its center, announcing "URGENT FIREFOX UPDATE-- Download Now".

From all indications, I found this exploit after clicking on an unfamiliar link from a third party-- that is, I visited a familiar website, and at the base of that familiar page was a slide show about amazing unknown facts about the Titanic disaster. That enticing story would have led to a merry chase through 32 screen slides and who knows what questionable advertiser links-- over which the host site claims no responsibility. Although I did not complete more than a single page of the slide show, and clicked on none of the third-party links, the host page code displayed by Firefox apparently included malicious code to "poison" the current session with a bogus Firefox update announcement and a malicious link resident in system memory for the current session.

Obviously, I did not click on the Firefox update notice URL or its link (posted below, but with disabling insertion).

The URL was-- https://liirawynagrodzenia.net/9061195679153/b2eb4eda2e0c65a929a29f92da717dde [Link disabled by this insertion].html

A screenshot is attached--

Accordingly, I have reported the attempted malware exploit as a trademark violation to Mozilla Foundation and to Google's page for "Report Malicious Software"

For two days (July 10 and July 12), a similar full window image with a link to download now, appears. The download button indicated "firefox-patch.js" from fuajamagora.js -- a 542 btye javascript. I could find nothing on this "fuajamagora" through Google search. The file has been quarantined and not installed.

On July 8, a similar download "firefox-patch.exe" was also downloaded, but not installed.

Any information about these, and why they are now happening daily on one machine and not on another would be helpful.

Karl Paulsen-- From what I have gathered about bogus FF patch notices, they are associated with third-party-ad-supported web sites. Which, of course, means just about every website not affiliated with a brand or proprietary interest. The third-party links are usually benign, but often (and regularly) harbor malicious code.

Which means this is yet another advertising revenue business model problem. Since the advertising content is controlled by third-parties, visitors are at the mercy of whatever code advertisers allow / inject into browser traffic.

Likewise, websites dependent on third-party ad revenue are not the most rigorous at monitoring the ads, and do not want to annoy their advertisers. They even may protest "We did not know-- we rely on people to alert us to problems, and then we take care of them." But then, that is only what they claim.

Today, the main issue that should concern millions of FF and TB users is they have been de-sensitized by years of frequent updates-- ironically, for actual security enhancements. As a result, many users no longer even question bogus notices which have familiar Mozilla graphics.

Users can make sure their own version of FF (or TB) is current-- click on help / about Firefox (or TB), where the current version is displayed.

As Top 10 forum contributor "James" commented, Mozilla does not use announcements for its updates. The updates are installed either automatically, in the background, or they are initiated by FF users by visiting the Mozilla website-- not by clicking on any links contained in an update announcement. As Top 10 forum contributor "FredMcD" points out, it is very dangerous to click on any suspect notice-- that is how ransomware is installed,

This has been happening regularly with me for some reason (once every couple days). It happens without me clicking on anything and usually while browsing a reputable site (such as BBC News or Facebook). One of the most annoying things about this is that in all cases, the site is verified by the "COMODO RSA Domain Validation Secure Server." My version of the website was based at https://www.uibiuseikzo.org, which doesn't lead anywhere except during the attack. Firefox also shows no history of the site after the attack occurs.

I've unauthorized this certificate as an extreme measure of blocking the attack, but I've yet to see if it works.

You can use Help > Report deceptive website ... while the page is still open in Firefox to report that domain and get it added to the SafeBrowsing blocklist, and block at least that one URL. But that's just playing "whack-a-mole", new domains are springing up daily or multiple times daily; shut down one and another pops up to replace, or so it seems.

edit Almost forgot to mention that some of us have had good results at not even seeing that crap when we're using uBlock Origin. https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

I checked a few URLs that were posted last week, without uBlock Origin I was able to get that popup and with uBlock Origin I got nothing - and no pop up.

Also, You may have ad / mal-ware. Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

<strike>Mac Malware Scanners https://discussions.apple.com/message/29938930#29938930</strike>

<strike>You can also try https://www.malwarebytes.org/antimalware/mac/index.html</strike>

edit: Since Fred did not fix links or remove them.

FredMcD, Please pay attention as this issue is only on Windows as nobody having this fake Firefox update sites issue is using a Mac OSX or Linux system including in this thread so why are you giving malware scanner links for Mac users instead of Windows ?

I can't understand why Mozilla is not giving us tools to prevent this annoying malware attempt. It seems to be occurring on a regular basis (about once every day) from various web sites and should be stopped.

IF you are listening Mozilla, please give us some guidance on how to prevent this scam.

ddenby said

I can't understand why Mozilla is not giving us tools to prevent this annoying malware attempt. It seems to be occurring on a regular basis (about once every day) from various web sites and should be stopped. IF you are listening Mozilla, please give us some guidance on how to prevent this scam.

Did you try using uBlock Origin as I suggested 2 weeks ago?

RE: Firefox-Patch JavaScript ~ I had the same problem, beginning today. I installed version 48.0.02 today. this is the first I've seen of this (attack / new version?). I was using an old version (39.0.3) before today. It's not an executable per se, but rather a JavaScript. The main interface address is: https://aphidt2cn.org/3831143112516/ad9e047fe53bcacf8228c214e857fd11.html The JavaScript file is (WARNING, this will download and possible run this script - Do not use this link if you do not know what you're doing!) https://aphidt2cn.org/3831143112516/1472418480315762/firefox-patch.js

RonRay said

RE: Firefox-Patch JavaScript ~ I had the same problem, beginning today. I installed version 48.0.02 today. this is the first I've seen of this (attack / new version?). I was using an old version (39.0.3) before today. It's not an executable per se, but rather a JavaScript. The main interface address is: https://aphidt2cn.org/3831143112516/ad9e047fe53bcacf8228c214e857fd11.html The JavaScript file is (WARNING, this will download and possible run this script - Do not use this link if you do not know what you're doing!) https://aphidt2cn.org/3831143112516/1472418480315762/firefox-patch.js

Nobody but the original person that gets the link to these disposable fake urgent Firefox updates sites could view it anyways.

https://support.mozilla.org/en-US/forums/contributors/712056