Hi, thanks for reporting a fake update. Please see the article - I found a fake Firefox update.

If you are in any doubt about the authenticity of update pop-ups etc., it's always best to ignore them and check for yourself by opening the 3-bar menu > Help (question mark at bottom right) > About Firefox. Alternatively, you can press the Alt key to bring up the main menu bar > Help > About Firefox. More - Update Firefox to the latest release.

A possible workaround is to install an ad-blocker, such as -

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Or, but this may be less effective - https://addons.mozilla.org/en-US/firefox/addon/adblock-plus

For reference only - please don't post here - this forum is for Mozilla Support Contributors only https://support.mozilla.org/en-US/forums/contributors/712056?last=69507

Since you have clicked on it, you may have picked up an infection, so to be on the safe side, you can try these free programs to scan for malware, which work with your existing antivirus software:

• Microsoft Safety Scanner
• MalwareBytes' Anti-Malware
• Anti-Rootkit Utility - TDSSKiller
• AdwCleaner (for more info, see this alternate AdwCleaner download page)
• Hitman Pro
• ESET Online Scanner

Note that not all removal programs will detect all malware, so you may need to run several or all of them.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us. Thank you!

That is the question, am I infected? I have Norton AV, ran Constant Guard Malware check, I have Malwarebytes , and Antiexploit and nothing has showed up in scans, thats why I am wondering what does it target/infect? They hide these things in places the scans don't see them, so was wondering if you had any specifics on this one? I included the Http which should help ferret out the what and who, https://aiquushcp.net/917411245857/05bd42f25eab1280efb5b21fe451105f.html

Did you save and run that firefox-patch.js file?

If not, nothing was installed. Simply being offered that file doesn't infect you, the js file needs to be executed.

I'm not sure, it was in my download folder, I was getting this new laptop going and that popped up, it looks very official and it filled the whole screen. I remember thinking something must be really wrong with the browser to have this pop up and say how it was an Urgent Patch. I was busy trying to get everything loaded and I may have executed it in the download file as it was so official important looking. It popped up out of no where, I wasn't changing pages or sites, just all the sudden it was there, so how did it "get" in the browser? I think I did run it....it wasn't until I stepped back and thought about it logically and went to see how Foxfire did updates? So I think that I ran it, it looked real, and came from nowhere, I mean I wasn't changing sites or anything so I probably ran it. You have to admit it looks very real. I didn't think about it until later that it might have been bogus. Thats why I am wanting to know what/how it infects. Ive ran Windows Security scanner, it didn't see anything, Malware didn't pick anything up, but thats not really that unusual they devise them to be invisible to the malware hunters. So I still have no idea if I have it, where and what it does and how, but I just bought a new PC because the older laptop was infected to where it was getting unusable and it has been cleaned 6 months before. I am frustrated because how did it get "into the Firefox browser per se". My laptop is only days old, so I want to try and find out the modus operandi of this malware so if needed I can take it to a professional to find and kill this critter, but I cant afford someone spending hours looking for this critter. I'm sure you can understand where I am coming from and my frustration. Looking at the attached jpeg, you can see how easily I/anybody could think it was real. Anything you can tell me about this critter/what to do/verify I don't or do have it. I need some direction. It has been my experience that things get by the various malware and AV programs and infect the machine, unbeknowst to the owner until it becomes unstable/unusuable. Ive had to have various machine cleaned even though I am vigilant about AV and Malware programs and scans. I Had to clean it and it he found all sorts of things that got by. I don't want this to get by, we have an address so what,where,how, does it work. Thank you for your assistance

For the past few months a malicious Ad network has been serving this fake Firefox update on new disposable websites to some Firefox users on Windows, though not on Mac OSX or Linux. Initially it was a firefox-patch.exe that was being served however it must have kept getting blocked on flagged in different ways as the .exe changed frequently at times according to virustotal scans. Then on July 11 the fake firefox-patch.js started being served and continued since.

Not everybody encounters this however once you do you may have a increased chanced of encountering it again. Ad blocking Extensions like ublock-origin can help.

This has not been determined to be due to malware on Windows.

You can see how elaborate this has been going on for at https://support.mozilla.org/en-US/forums/contributors/712056

Nothing stops people from making a site with a product icon or such background and serve a file with words like urgent or security update for insert name application or Plugin. There has been many fake update pages for Flash Player and Java for example.

Wow, that's not good and from a users standpoint, doesn't look good because it is associated with the Firefox name. Unfortunately, guilt by association. I will say that a good deal of users fall for it because they are not IT geeks. I fell for it, then realized it a few minutes later, and said damn. Even if only 5 people a day fall for it, overall that's a small percentage of people with a potential issue relative to the total number of users. However, that is a 100% failure for those people. Each is an individual like my self that may have been infected. I still don't know what to do? Am I infected or not? I don't know. That's why it be helpful to know the who, what, where,when,how, this potential malware works. Can't you wizards lookàt the website/address and figure out how it works in a PC and how to get rid of it? I don't know what to do next.....Thank you, I understand its a dilemma in the big picture, but it is a dilemma in the small picture also, and don't know where to turn other than Firefox, its that guilt by association, and reputation issue. What am I to do? Sorry for the grammar I am on a tablet. Bottom line for me is what do I do next? ESET was doing a scan, said it found 6 threats and then just quit/crapped out after about 2 hours of scan time. Direction, wisdom, ideas, plan?

It got a virus.

I tried to run another ESET scan, said there were 5 threats, got about 80% through and crashed again. EOS V2 Stopped Working. Then I just tried Norton Power Eraser and it found nothing. I'm lost wandering through cyberspace and don't know what to do

I haven't read a recent analysis of the .js file, but it previously installed a "fileless" malware that was completely resident in the Windows registry. If you cannot clean it using either Malwarebytes (which should be able to do it), there is a tool from Symantec (makers of Norton software) to do it:

https://www.symantec.com/security_response/writeup.jsp?docid=2015-092321-2230-99

Alternately, you could consider a Windows System Restore. I generally frown on that feature due to possibly trashing data, but...