X
Tap here to go to the mobile version of the site.

Support Forum

A page which is FF (nearly identical) keeps asking me to d/l install an emergency *.js patch and I know it's not FF. What to do?

Posted

I wish I could be specific. The page comes up as if piggybacked but it comes from a legitimate URL. (like Yahoo) It isn't from FF, I know, but it's got the fox near the top of the page and nothing ON the page itself.

I wish I could be specific. The page comes up as if piggybacked but it comes from a legitimate URL. (like Yahoo) It isn't from FF, I know, but it's got the fox near the top of the page and nothing ON the page itself.

Additional System Details

Installed Plug-ins

  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology
  • Shockwave Flash 22.0 r0

Application

  • Firefox 48.0.2
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
  • Support URL: https://support.mozilla.org/1/firefox/48.0.2/WINNT/en-US/

Extensions

  • Auto-Sort Bookmarks 2.10.6 (sortbookmarks@bouanto)
  • Facebook™ Disconnect 0.1.4 (jid0-dBgF7UkIiOsWqvBng4hYu@jetpack)
  • Firefox Hello 1.4.4 (loop@mozilla.org)
  • Multi-process staged rollout 1.1 (e10srollout@mozilla.org)
  • Nielsen NetSight 3.0.12 (netsight@nielsen.com)
  • Pocket 1.0.4 (firefox@getpocket.com)
  • The Addon Bar (restored) 3.2.9-compat-fixed-4 (the-addon-bar@GeekInTraining-GiT)
  • AVG Web TuneUp 4.3.4.122 (avg@toolbar) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 520
  • adapterDescription2:
  • adapterDeviceID: 0x1916
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igd12umd64 igdumdim32 igd10iumd32 igd10iumd32 igd12umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 06b21028
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • clearTypeParameters: Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 300
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.14393.0
  • driverDate: 5-4-2016
  • driverDate2:
  • driverVersion: 20.19.15.4454
  • driverVersion2:
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1'}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes; Using D3D11 API
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 520 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: Yes
jscher2000
  • Top 10 Contributor
8837 solutions 72222 answers

Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it.

More info: I found a fake Firefox update

Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example:

https://addons.mozilla.org/firefox/addon/ublock-origin/

Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it. More info: [[I found a fake Firefox update]] Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example: https://addons.mozilla.org/firefox/addon/ublock-origin/

Question owner

This is the URL: link text

Malware run of bit defender showed 0.


jscher2000 said

Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it. More info: I found a fake Firefox update Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example: https://addons.mozilla.org/firefox/addon/ublock-origin/
This is the URL: [https://xeofewhisper-dating.org/865845850970/5622847da01328c3fcf23abaf0a51f0f.html link text] Malware run of bit defender showed 0. ''jscher2000 [[#answer-912367|said]]'' <blockquote> Does the site address look mostly like gibberish? There is a rash of phishing sites pushing malware under the guide of urgent Firefox and Chrome patches/updates. This is dangerous malware and you definitely should not download or run it. More info: [[I found a fake Firefox update]] Since the redirect to the phishing page appears to be triggered by something in ads running on popular sites, you could consider using an ad blocking add-on, for example: https://addons.mozilla.org/firefox/addon/ublock-origin/ </blockquote>
James
  • Top 25 Contributor
  • Moderator
1603 solutions 11348 answers

The firefox-patch.js file and the sites with a orange background and Firefox icon are Fake as it is not from Mozilla or the Firefox web browser.

The Firefox updates has not changed since Firefox 1.5 as it is done internally (with a .mar file) or by download from mozilla.org like www.mozilla.org/firefox/all/

Mozilla has no need to host Firefox updates or download elsewhere, especially not at random weird name websites that was only registered a day earlier.

You can see this has been going on for a while unfortunately. https://support.mozilla.org/en-US/forums/contributors/712056

The '''firefox-patch.js file and the sites with a orange background and Firefox icon are Fake as it is not from Mozilla or the Firefox web browser'''. The Firefox updates has not changed since Firefox 1.5 as it is done internally (with a .mar file) or by download from mozilla.org like www.mozilla.org/firefox/all/ Mozilla has no need to host Firefox updates or download elsewhere, especially not at random weird name websites that was only registered a day earlier. You can see this has been going on for a while unfortunately. https://support.mozilla.org/en-US/forums/contributors/712056

Modified by James

Question owner

I originated this question. It's happened a few times now and I scan clear, so it's not a bug in my puter.

This is the most recent incarnation. from this URL: http://www.hometalk.com/21384897/diy-fall-wreath-tutorial?se=wkly-20160911&date=20160911&slg=747b1addf7ca1fdbb55e2d50b7e9e03a-9335625

it flipped to this URL after I had been sitting on the page for a minute or so. https://papoimidori-japan.org/264846076566/01cb38ecedbd1153fdca325ed5f94ad2.html

and asked if I wanted to open that .js file.
I originated this question. It's happened a few times now and I scan clear, so it's not a bug in my puter. This is the most recent incarnation. from this URL: http://www.hometalk.com/21384897/diy-fall-wreath-tutorial?se=wkly-20160911&date=20160911&slg=747b1addf7ca1fdbb55e2d50b7e9e03a-9335625 it flipped to this URL after I had been sitting on the page for a minute or so. https://papoimidori-japan.org/264846076566/01cb38ecedbd1153fdca325ed5f94ad2.html and asked if I wanted to open that .js file.
Happy112 561 solutions 5694 answers

Hi   JaineyCakes,

At least you're not falling for the fakes;   as long as you ignore them,   not download or click on anything,   you should be fine. Hard to get rid off these scammers, as they will change their URL on a daily basis.
Trying the ad-blocking add-on, as suggested by jscher2000, might be wise.

Would you also take a look at the following articles:
'Update Firefox to the latest version':   http://mzl.la/152VFwM and: 'Avoid and report Mozilla tech support scams':   http://mzl.la/1N46GnS

Thank you for reporting this   -   good job   !!!

Hi &nbsp; JaineyCakes,<BR> At least you're not falling for the fakes; &nbsp; as long as you ignore them, &nbsp; not download or click on anything, &nbsp; you should be fine. Hard to get rid off these scammers, as they will change their URL on a daily basis.<BR> Trying the ad-blocking add-on, as suggested by jscher2000, might be wise. Would you also take a look at the following articles:<BR> 'Update Firefox to the latest version': &nbsp; http://mzl.la/152VFwM and: 'Avoid and report Mozilla tech support scams': &nbsp; http://mzl.la/1N46GnS Thank you for reporting this &nbsp; - &nbsp; good job &nbsp; !!!
John99 971 solutions 13138 answers

A lot of people only seen to see this fake update the once, and many of those users probably are unwilling or unable to try to obtain further information, but if you aer willing to try to help identify where this is coming from this is the recent request from a Firefox developer:

Saving the page that pops up the fake update screen (not the markup of the update screen, but of the page that creates it) using ctrl-s (cmd-s on osx) and saving it once as "web page, complete" and once as "web page, HTML only", and uploading both of those as zip files (including the <pagename-you-enter-in-save-dialog>_files directory) onto this bug might help. It's hard to be sure or give detailed instructions when we don't know how exactly how the webpage is opening the window. If the update thing is now redirecting the main tab as loaded (which seems to be what some users are suggesting/experiencing) then the only thing that'll really help make sense of what's happening is a network trace from wireshark, or detailed screenshots of the firefox network console that provide similar information.
A lot of people only seen to see this fake update the once, and many of those users probably are unwilling or unable to try to obtain further information, but if you aer willing to try to help identify where this is coming from this is the recent request from a Firefox developer: <blockquote> '''Saving the page that pops up the fake update screen (not the markup of the update screen, but of the page that creates it) using ctrl-s (cmd-s on osx) and saving it once as "web page, complete" and once as "web page, HTML only", and uploading both of those as zip files (including the <pagename-you-enter-in-save-dialog>_files directory) onto this bug might help.''' It's hard to be sure or give detailed instructions when we don't know how exactly how the webpage is opening the window. If the update thing is now redirecting the main tab as loaded (which seems to be what some users are suggesting/experiencing) then the only thing that'll really help make sense of what's happening is''' a network trace from wireshark, or detailed screenshots of the firefox network console that provide similar information.'''</blockquote>

Question owner

This isn't entirely helpful unless the page showing this comment, (https://support.mozilla.org/en-US/questions/1137248?utm_campaign=questions-reply&utm_medium=email&utm_source=notification) is the URL you want the Fake pages to.

This isn't entirely helpful unless the page showing this comment, (https://support.mozilla.org/en-US/questions/1137248?utm_campaign=questions-reply&utm_medium=email&utm_source=notification) is the URL you want the Fake pages to.