X
Tap here to go to the mobile version of the site.

Support Forum

I had a "critical update" for Firefox appear as a new tab, from a strange web address, so I canceled it --- should I have let it install?

Posted

I was on a website, reading some information, when suddenly the screen changed to the Firefox logo on an orange background. The screen said I had to download and install a "critical update" for Firefox, but the web address I was to download it from was a long, strange name that I'd never heard of before --- it certainly was NOT from Mozilla. I canceled the download, and the screen disappeared, i.e., returned to the website I was previously looking at.

Was this legitimate or bogus? Should I have downloaded it?

I wish I could remember the web address. Interestingly, when I went to my history to see it, there was no record of the address.

I was on a website, reading some information, when suddenly the screen changed to the Firefox logo on an orange background. The screen said I had to download and install a "critical update" for Firefox, but the web address I was to download it from was a long, strange name that I'd never heard of before --- it certainly was NOT from Mozilla. I canceled the download, and the screen disappeared, i.e., returned to the website I was previously looking at. Was this legitimate or bogus? Should I have downloaded it? I wish I could remember the web address. Interestingly, when I went to my history to see it, there was no record of the address.

Chosen solution

You did the right thing.

As you know, Firefox has an internal updater. You won't be redirected to websites with peculiar addresses for a legitimate update.

For more than a month there has been a pattern of orange pages with a Firefox logo that pop up a download dialog for a fake update/patch which installs malware on your system if you open/run it. Unfortunately, anyone can create an orange web page and steal the Firefox logo image, so you definitely cannot rely on appearances. Checking the address was smart.

Recently, these phishing/malware sites are launching on new addresses every day, outstripping the ability of Firefox's built-in bad site blocker to keep up.

Since the redirects to these sites seem to be pushed by ads on popular sites, you could consider using an ad blocking extension such as:

https://addons.mozilla.org/firefox/addon/ublock-origin/

If you want to report the site as a fraud: I found a fake Firefox update

And if you did open/run the download, please try cleaning your system using Malwarebytes Anti-Malware (the free version or trial version will work): https://www.malwarebytes.com/mwb-download/

You also could try some of the other tools or specialized forums in our support article: Troubleshoot Firefox issues caused by malware.

Read this answer in context 3

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.20.20039
  • Citrix Online App Detector Plugin
  • GEPlugin
  • Version 5.41.3.0
  • Google Update
  • Shockwave Flash 23.0 r0

Application

  • Firefox 49.0.2
  • User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
  • Support URL: https://support.mozilla.org/1/firefox/49.0.2/WINNT/en-US/

Extensions

  • Multi-process staged rollout 1.3 (e10srollout@mozilla.org)
  • Pocket 1.0.4 (firefox@getpocket.com)
  • Web Compat 1.0 (webcompat@mozilla.org)
  • Bitdefender Wallet 4.1.6 (bdwteffv20@bitdefender.com) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics 3000
  • adapterDescription2:
  • adapterDeviceID: 0x0126
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igd10umd64 igdumd32 igd10umd32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 05041028
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • crashGuards: []
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 10.0.14393.351
  • driverDate: 5-27-2015
  • driverDate2:
  • driverVersion: 9.17.10.4229
  • driverVersion2:
  • featureLog: {u'fallbacks': [], u'features': [{u'status': u'available', u'description': u'Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'HW_COMPOSITING'}, {u'status': u'available', u'description': u'Direct3D11 Compositing', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_COMPOSITING'}, {u'status': u'disabled', u'description': u'Direct3D9 Compositing', u'log': [{u'status': u'disabled', u'message': u'Disabled by default', u'type': u'default'}], u'name': u'D3D9_COMPOSITING'}, {u'status': u'available', u'description': u'Direct2D', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'DIRECT2D'}, {u'status': u'available', u'description': u'Direct3D11 hardware ANGLE', u'log': [{u'status': u'available', u'type': u'default'}], u'name': u'D3D11_HW_ANGLE'}]}
  • info: {u'AzureCanvasAccelerated': 0, u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'ApzWheelInput': 1}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • supportsHardwareH264: Yes; D3D11 blacklisted with DLL igd10umd32.dll (9.17.10.4229); Using D3D9 API
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics 3000 Direct3D11 vs_4_1 ps_4_1)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: No
jscher2000
  • Top 10 Contributor
8792 solutions 71909 answers

Chosen Solution

You did the right thing.

As you know, Firefox has an internal updater. You won't be redirected to websites with peculiar addresses for a legitimate update.

For more than a month there has been a pattern of orange pages with a Firefox logo that pop up a download dialog for a fake update/patch which installs malware on your system if you open/run it. Unfortunately, anyone can create an orange web page and steal the Firefox logo image, so you definitely cannot rely on appearances. Checking the address was smart.

Recently, these phishing/malware sites are launching on new addresses every day, outstripping the ability of Firefox's built-in bad site blocker to keep up.

Since the redirects to these sites seem to be pushed by ads on popular sites, you could consider using an ad blocking extension such as:

https://addons.mozilla.org/firefox/addon/ublock-origin/

If you want to report the site as a fraud: I found a fake Firefox update

And if you did open/run the download, please try cleaning your system using Malwarebytes Anti-Malware (the free version or trial version will work): https://www.malwarebytes.com/mwb-download/

You also could try some of the other tools or specialized forums in our support article: Troubleshoot Firefox issues caused by malware.

You did the right thing. As you know, Firefox has an internal updater. You won't be redirected to websites with peculiar addresses for a legitimate update. For more than a month there has been a pattern of orange pages with a Firefox logo that pop up a download dialog for a fake update/patch which installs malware on your system if you open/run it. Unfortunately, anyone can create an orange web page and steal the Firefox logo image, so you definitely cannot rely on appearances. Checking the address was smart. Recently, these phishing/malware sites are launching on new addresses every day, outstripping the ability of Firefox's built-in bad site blocker to keep up. Since the redirects to these sites seem to be pushed by ads on popular sites, you could consider using an ad blocking extension such as: https://addons.mozilla.org/firefox/addon/ublock-origin/ If you want to report the site as a fraud: [[I found a fake Firefox update]] And if you did open/run the download, please try cleaning your system using Malwarebytes Anti-Malware (the free version or trial version will work): https://www.malwarebytes.com/mwb-download/ You also could try some of the other tools or specialized forums in our support article: [[Troubleshoot Firefox issues caused by malware]].
jscher2000
  • Top 10 Contributor
8792 solutions 71909 answers

Helpful Reply

By the way, the mechanism you described sounds like a new twist if the site did not end up in your history and you did not need to go Back to the site you were on. Maybe they are exiting their page in a new way that removes that data to try to avoid getting caught.

(This is possible using the location.replace() script method to load a new place in place of the current one, replacing the current page in your history with the new one.)

By the way, the mechanism you described sounds like a new twist if the site did not end up in your history and you did not need to go Back to the site you were on. Maybe they are exiting their page in a new way that removes that data to try to avoid getting caught. (This is possible using the location.replace() script method to load a new place in place of the current one, replacing the current page in your history with the new one.)