Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

why am i getting a firefox-patch.js from yiomolibertyreserve.org?? is this legit??

  • 16 replies
  • 159 have this problem
  • 18792 views
  • Last reply by rdwray

more options

got a screen popping up saying there is an urgent firefox update and a button to download now. the patch window opens on top of it... firefox-patch.js which is a javascript file from : https//yiomolibertyreserve.org it asks if i want to save it. https://yiomolibertyreserve.org/7571196957168/a12d822d5bffd48d6ca7139f4bc0ef4c.html (in address bar) is this legit? do i need to save it or what??

Chosen solution

This is malware. Firefox does not update using such a method.

Note there will shortly be a genuine upgrade to Firefox 48. Using a blocker such as ublock origin may help prevent such problems.

If you have downloaded and clicked on or run such malware please post back for further advice.


P.S. Please also see

Read this answer in context 👍 48

All Replies (16)

more options

Chosen Solution

This is malware. Firefox does not update using such a method.

Note there will shortly be a genuine upgrade to Firefox 48. Using a blocker such as ublock origin may help prevent such problems.

If you have downloaded and clicked on or run such malware please post back for further advice.


P.S. Please also see

Modified by John99

more options

thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!!

more options

sylentdiva said

thank you for getting back to me!! i have to admit this looked like the real deal and i was very tempted to click on it thinking that it was from mozilla-firefox. it even had the "firefox automatically sends some data to mozilla so that we can improve your experience." at the bottom of the page along with the "choose what i share" button. just sayin' it really looked legit other than the fact that it popped up up out of nowhere... thanks again!!

You noticed the page in thinking it looked like it could be official yet the weird name of the yiomolibertyreserve url did not raise any red flags for you?.

Mozilla does not need to host anything updates/downloads for desktop Firefox related outside of a *.mozilla.org url.

Every one of these disposable Firefox patch scam sites have had a weird name. https://support.mozilla.org/en-US/forums/contributors/712056

more options

How do we stop the pop-up? I've been canceling it, but it is still randomly popping up on my browser. I've searched my computer for the "firefox-patch.js" and I am not finding it. Trying to delete it.

more options

This is normally something external.

Possibly the malverts involved are somehow able to fingerprint and target particular categories of victims, possibly partly in a manner not dissimilar from the way other adverts will be targeted at what are your perceived interests.

By using some sort of script or adblocker you probably reduce the chance of seeing these fake update requests.

more options

The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to abuse@trellian.com Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email.

more options

rdwray said

The problem with trying to block this thing is that it just changes to a new URL. The best that can be done is to keep causing the websites to be shut down, send the following info to abuse@trellian.com Date Time URL Image of the page with the download popup; I use a snipping tool to cut the relative section of the page and paste it into the email.

The sites are registered the day before and then only used for about a day anyways.

more options

It looks like there should be a way to block with the page text because this is the only common thing, it always comes through with "Urgent Firefox update". They may change the text, but it would take a while for the "punk" to catch on.

I would still like to know how this is happening, what on my computer is letting the hacker overwrite another website?

Modified by rdwray

more options

FYI: I only get this scam splash screen when visiting conservative news Websites such as Fox news or Breitbart.

more options

I get it random, sometimes weeks apart and sometimes two days in a row.

more options

The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

more options

stepan1 said

The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug...

more options

rdwray said

stepan1 said
The timing of the fake Firefox updates is random, but it is always from visiting conservative news online.

Maybe for you, but not for me. The problem is with FF or it would not be happening; reputable websites do not spread malware. They keep thinking they are protecting against attacks with all the changes the make to FF but they don't seem to have a clue as to how these attacks are happening. FF has a bug...

  • We are almost 100% certain this is not due to a Firefox bug.
  • It may at least in part involve malware on your computer. It certainly increases the risk of you getting malware. Malware that could steal your data or money or both.
  • We are also aware that these pages are malware that is undeniable.
  • Where do you think they come form? You are getting them off the internet.

The fact that some people do not see these or see these and then get alerts or blocks is due to ad blockers and security software, without those you are at increased risk.

Reputable sites do sometimes get hacked. Many reputable sites do spread advert content. They may need to just to survive. How well are the details of those adverts and their complex scripting and nested redirects checked by the reputable company ? Lets say the I am fairly certain the Company will check they receive the revenue as and when expected, but do they have any incentive to spend - or as they see it waste - money on checking the adverts or whatever that the end user receives.

more options

IE is the most open web browser on the market, so why doesn't this happen to it? For a piece of malware to get on my PC, I would have to download something that contained it or open a contaminated email. This did not start taking place until I installed FF 47 and now it does not matter if I rollback or not, it is still present.

If I did not have so many addons I would do a total removal of FF and start over just to prove my point. The biggest problem is cleaning out the registry.

Modified by rdwray

more options

I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update.

It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet.

Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU

These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/

Modified by James

more options

James said

I have seen people using older versions of Firefox on Windows like Firefox 45.0 (likely ESR) or 43.0.1 if they were using WinXP or Vista and did not update. It has been elaborate enough that no Firefox user on Mac or Linux has reported a fake urgent Firefox update site yet. Look even Google Chrome on Windows is getting a fake update page and served a fake patch file also. A longer running thread example. https://productforums.google.com/forum/m/#!topic/chrome/HcXgFFaO9WU These malware Ads scams can be elaborate as there was one not long ago that was finally shut down. It basically targeted Windows users, and not just any but looked for those who had a oem system and other conditions to make it harder for security researchers to investigate it. http://www.theregister.co.uk/2016/07/28/adgholas_malvertising/

I read both the articles and there does not seem to be a solution for the FF problem. I have had a couple of major malwares that took me up to a month to get rid of, but I don't see anything related to this problem and that is what makes me believe that FF (same a Goggle Chrome) has a bug that is being targeted - these seem to be the only browsers that are affected.