X
Tap here to go to the mobile version of the site.

Support Forum

Urgent Fire Fox Update Notice

Posted

I keep getting a screen popping up that says "Urgent Firefox Update". My protection software is blocking it, saying it's a Trojan. When I go to Mozilla, it says my Firefox is up to date. Is there an Urget Update or not?

I keep getting a screen popping up that says "Urgent Firefox Update". My protection software is blocking it, saying it's a Trojan. When I go to Mozilla, it says my Firefox is up to date. Is there an Urget Update or not?

Chosen solution

Hi

We are aware of this issue are are working to resolve it. From what you are saying this is almost certainly malware.

Firefox will always update from within the browser and not from a random web page. If you ever unsure of whether you are using the most recent version, this page will walk you through how to check.


Comment added by a forum moderator Please also see our help article

If you do see one of these fake updates please as a reply to this thread post the web address of the fake orange page and if possible the address of the genuine website it appears to have come from - the back arrow on the address bar of the orange page may sometimes help find that.

Read this answer in context 236

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 15.16.20045
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.91.2 for Mozilla browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • Shockwave Flash 22.0 r0
  • 5.1.41212.0
  • Skype for Business Web App Plug-in
  • NPWLPG
  • iTunes Detector Plug-in

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0

More Information

Seburo
  • Top 10 Contributor
  • Moderator
799 solutions 5921 answers

Chosen Solution

Hi

We are aware of this issue are are working to resolve it. From what you are saying this is almost certainly malware.

Firefox will always update from within the browser and not from a random web page. If you ever unsure of whether you are using the most recent version, this page will walk you through how to check.


Comment added by a forum moderator Please also see our help article

If you do see one of these fake updates please as a reply to this thread post the web address of the fake orange page and if possible the address of the genuine website it appears to have come from - the back arrow on the address bar of the orange page may sometimes help find that.

Hi We are aware of this issue are are working to resolve it. From what you are saying this is almost certainly malware. Firefox will always update from within the browser and not from a random web page. If you ever unsure of whether you are using the most recent version, this [https://support.mozilla.org/en-US/kb/update-firefox-latest-version page] will walk you through how to check. -------- Comment added by a forum moderator Please also see our help article * [[I found a fake Firefox update]] If you do see one of these fake updates please as a reply to this thread post the web address of the fake orange page and if possible the address of the genuine website it appears to have come from - the back arrow on the address bar of the orange page may sometimes help find that.

Modified by John99

tonto91 0 solutions 9 answers

This issue is getting more and more common as the days go by. And more aggressive. Seems now there is an auto download that starts whether I want it to or not. Click on anything or not. Luckily Norton intercepts it. Have started using Chrome more.

This issue is getting more and more common as the days go by. And more aggressive. Seems now there is an auto download that starts whether I want it to or not. Click on anything or not. Luckily Norton intercepts it. Have started using Chrome more.
John99 971 solutions 13138 answers

Please explain what site you are seeing this on and paste relevant internet addresses into your reply. When we see this ourselves we try to report it.

I am not aware yet of any cases where this auto downloads, so you may have stumbled across a new more dangerous version.

Please explain what site you are seeing this on and paste relevant internet addresses into your reply. When we see this ourselves we try to report it. I am not aware yet of any cases where this auto downloads, so you may have stumbled across a new more dangerous version.
sgross37 0 solutions 2 answers

Helpful Reply

Here is a screen shot of what I had. Wanted to download from https://feehacitysocialising.net. I closed window and hit back button to get out of it,

Here is a screen shot of what I had. Wanted to download from https://feehacitysocialising.net. I closed window and hit back button to get out of it,
tonto91 0 solutions 9 answers

I will try to do that. But anymore because of this development when I see the Urgent update tab pop open I shut the tab ASAP and cancel the pop up that comes with this.

The URL shown in the Urgent Update Tab is different every time. Naturally it's never mozilla.org.

The last time this happened it only took the time for me to try to capture that URL in the browser for NORTON to spring into action. Thank God for that!

Sorry I couldn't be more help. I looked in Norton but it wasn't that helpful either.

I will try to do that. But anymore because of this development when I see the Urgent update tab pop open I shut the tab ASAP and cancel the pop up that comes with this. The URL shown in the Urgent Update Tab is different every time. Naturally it's never mozilla.org. The last time this happened it only took the time for me to try to capture that URL in the browser for NORTON to spring into action. Thank God for that! Sorry I couldn't be more help. I looked in Norton but it wasn't that helpful either.
jscher2000
  • Top 10 Contributor
8775 solutions 71736 answers

Hi sgross37, when you went back, what was the site from which this page loaded?

Hi sgross37, when you went back, what was the site from which this page loaded?
tonto91 0 solutions 9 answers

I can tell you what site it comes up for me the most. http://milb.com/ I check the box scores of the Columbus Clippers, Akron Rubber Ducks and Lynchburg Hillcats (each of those is a different site ie the Rubber Ducks site is http://www.milb.com/index.jsp?sid=t402). It's not off the home page. It's seems to happen most often off the box scores page. Other than that I haven't discerned any pattern. I even emailed their support and told them they had a problem. They told me to run a malware checker. Malwarebytes comes up clean. So that isn't it.

I can tell you what site it comes up for me the most. http://milb.com/ I check the box scores of the Columbus Clippers, Akron Rubber Ducks and Lynchburg Hillcats (each of those is a different site ie the Rubber Ducks site is http://www.milb.com/index.jsp?sid=t402). It's not off the home page. It's seems to happen most often off the box scores page. Other than that I haven't discerned any pattern. I even emailed their support and told them they had a problem. They told me to run a malware checker. Malwarebytes comes up clean. So that isn't it.
sgross37 0 solutions 2 answers

I don't remember which site, I believe it was my netzero email page, but not certain. I will post if it happens again.

I don't remember which site, I believe it was my netzero email page, but not certain. I will post if it happens again.

Question owner

I am using ESET to defend my PC. It blocks whatever this problem is before it even gets started, then the tab opens up behind whatever tab it is I am on currently. I close the tab. This does not yet seem to have affected my PC.

I am using ESET to defend my PC. It blocks whatever this problem is before it even gets started, then the tab opens up behind whatever tab it is I am on currently. I close the tab. This does not yet seem to have affected my PC.
tonto91 0 solutions 9 answers
Just happened again. I was on this page: http://www.breitbart.com/big-government/2016/07/09/chaos-in-baton-rouge-the-new-black-panthers-are-here/
the_steve_randolph 0 solutions 6 answers

I have been getting this pop-up at http:/att.yahoo.com

It seems to happen when I have switched to another window and a few seconds later I get the pop-up.

It tells me it will launch firefox-patch.exe from eudorbollywoodhabri.net

I have been getting this pop-up at http:/att.yahoo.com It seems to happen when I have switched to another window and a few seconds later I get the pop-up. It tells me it will launch firefox-patch.exe from eudorbollywoodhabri.net

Modified by the_steve_randolph

jscher2000
  • Top 10 Contributor
8775 solutions 71736 answers

Hi the_steve_randolph, could you check that your Flash plugin is up-to-date? You can check using the About Plugins page: type or paste about:plugins in the address bar and press Enter. You can use Find (Ctrl+f) for npswf to skip to the Flash plugins.

Current versions:

Regular release: 22.0.0.192 Extended support release: 18.0.0.360

(https://www.adobe.com/products/flashp.../distribution3.html)

Older versions may be more vulnerable to being used for malware delivery.

Hi the_steve_randolph, could you check that your Flash plugin is up-to-date? You can check using the About Plugins page: type or paste '''about:plugins''' in the address bar and press Enter. You can use Find (Ctrl+f) for ''npswf'' to skip to the Flash plugins. Current versions: Regular release: 22.0.0.192 Extended support release: 18.0.0.360 ([https://www.adobe.com/products/flashplayer/distribution3.html]) Older versions may be more vulnerable to being used for malware delivery.
marcgroenenj 0 solutions 9 answers

Hi Jscher2000,

I've been receiving the "Urgent Firefox Update" notice for several weeks, and as others have noted, from differing URLs. You wrote that the problem might be Shockwave Flash vulnerability and advised the current versions as of your writing (7/10/16) were: Regular release: 22.0.0.192 Extended support release: 18.0.0.360

As of this writing (7/13/16) it appears I have the latest "regular release" (showing below as "Version: 22.0.0.209"). As far as I can tell it doesn't list what you called an "Extended support release." Shockwave Flash

   File: NPSWF32_22_0_0_209.dll
   Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
   Version: 22.0.0.209
   State: Enabled
   Shockwave Flash 22.0 r0

But assuming I do have the latest release, the "Urgent Firefox" warning telling me I should install the patch slipped through whatever safeguards Shockwave Flash offered. I fortunately noticed the URL did not include "Mozilla" so I didn't download it.

Regards, Marc

Hi Jscher2000, I've been receiving the "Urgent Firefox Update" notice for several weeks, and as others have noted, from differing URLs. You wrote that the problem might be Shockwave Flash vulnerability and advised the current versions as of your writing (7/10/16) were: Regular release: 22.0.0.192 Extended support release: 18.0.0.360 As of this writing (7/13/16) it appears I have the latest "regular release" (showing below as "Version: 22.0.0.209"). As far as I can tell it doesn't list what you called an "Extended support release." Shockwave Flash File: NPSWF32_22_0_0_209.dll Path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll Version: 22.0.0.209 State: Enabled Shockwave Flash 22.0 r0 But assuming I do have the latest release, the "Urgent Firefox" warning telling me I should install the patch slipped through whatever safeguards Shockwave Flash offered. I fortunately noticed the URL did not include "Mozilla" so I didn't download it. Regards, Marc
Leah 1 solutions 5 answers

Still an issue. I got it this evening...screen shot the original page AND the update page...

Still an issue. I got it this evening...screen shot the original page AND the update page...
the-edmeister
  • Top 25 Contributor
  • Moderator
5406 solutions 40246 answers

Leah said

Still an issue. I got it this evening...screen shot the original page AND the update page...

Sure it's still an issue. The guy doing that is changing domains so often that is is hard to shut him down. Users need to be careful not to "fall" for that noticeably fake update - from a non- mozilla.org URL - plus Firefox updates aren't done in that manner - and aren't packaged in an .exe file.

Legally, he's wrong by mis-using a registered trademark which is what Mozilla aggressively will pursue because that's all he can legally be charged with. The "harm" that he can inflect upon users with fake downloads is a hazy area with little to no legal enforcement - BUT Mozilla is trying to shut this guy down, along with many others. "We" here are keeping track of his exploits in a contributors forum here and we are reporting every URL we are give here.

Users can help too, by using Help > Report deceptive site .... when you come across one like that. If you do that while that page is still open, that URL will be automatically captured and will appear in this page https://www.google.com/safebrowsing/report_phish/ Google and Mozilla worked together about 9 years ago to set up the SafeBrowsing feature that both browsers use, along with a few other browser 'brands'.

In conclusion - if you use uBlock Origin - https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - you probably wouldn't have seen that page. Many of us here who use that extension have found that we don't get that type of deceptive website even appear for us. We have tested user-reported sites with that extension enabled and then without it - and saw that fake phishing site for ourselves.

''Leah [[#answer-896953|said]]'' <blockquote> Still an issue. I got it this evening...screen shot the original page AND the update page... </blockquote> Sure it's still an issue. The guy doing that is changing domains so often that is is hard to shut him down. Users need to be careful not to "fall" for that noticeably fake update - from a non- mozilla.org URL - plus Firefox updates aren't done in that manner - and aren't packaged in an '''.exe''' file. Legally, he's wrong by mis-using a registered trademark which is what Mozilla aggressively will pursue because that's all he can legally be charged with. The "harm" that he can inflect upon users with fake downloads is a hazy area with little to no legal enforcement - BUT Mozilla is trying to shut this guy down, along with many others. "We" here are keeping track of his exploits in a contributors forum here and we are reporting every URL we are give here. Users can help too, by using '''Help''' > '''Report deceptive site ....''' when you come across one like that. If you do that while that page is still open, that URL will be automatically captured and will appear in this page https://www.google.com/safebrowsing/report_phish/ Google and Mozilla worked together about 9 years ago to set up the SafeBrowsing feature that both browsers use, along with a few other browser 'brands'. In conclusion - if you use uBlock Origin - https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - you probably wouldn't have seen that page. Many of us here who use that extension have found that we don't get that type of deceptive website even appear for us. We have tested user-reported sites with that extension enabled and then without it - and saw that fake phishing site for ourselves.
Leah 1 solutions 5 answers

Thank you for the uBlock suggestion...added it before I typed this :) I replied with the screen shots because an earlier responder on this thread asked for them.

Thank you for the uBlock suggestion...added it before I typed this :) I replied with the screen shots because an earlier responder on this thread asked for them.
clearbluethunder 0 solutions 2 answers

I have the same problem. This is one of many pages that pops up and or shows up in a tab. https://ungojantagonist.net/7871254333720/f3da0e4e1cccf5e4641596cf14ca7d47.html

I have the same problem. This is one of many pages that pops up and or shows up in a tab. https://ungojantagonist.net/7871254333720/f3da0e4e1cccf5e4641596cf14ca7d47.html
the-edmeister
  • Top 25 Contributor
  • Moderator
5406 solutions 40246 answers

clearbluethunder,

Did you report that web page as I suggested?

May not shut this guy down completely, but that site would get added to the blocklist if you do and possibly help other users.

clearbluethunder, Did you report that web page as I suggested? May not shut this guy down completely, but that site would get added to the blocklist if you do and possibly help other users.
clearbluethunder 0 solutions 2 answers

@ the-edmeister: I reported the page as you suggested.

@ the-edmeister: I reported the page as you suggested.
SirReno7 0 solutions 2 answers

Add me to the list of people who just now encountered this error. I got the same "orange screen" that other people have screenshot.. And a "firefox-patch.js" file is trying to download from https://faedijapanesepod101.net (even though I did not browse to that page intentionally, for any reason).. I was just watching a music video on DailyMotion.com -- it was the video to the song "Gettin' Some" by female rapper "Shawna." The exact address of the video I was watching was (http://www.dailymotion.com/video/xr7a7_shawnna-gettin-some-head_music) <-- minus the paranthesis... But USUALLY, problems like that don't COME from dailymotion.. I feel like something ELSE caused my browser to redirect right then (some hidden cookie somewhere?)... So anyway, my browser got redirected to the orange page to download the malware.. I knew almost RIGHT AWAY that it was malware (because this is NOT the way Firefox usually updates), and when I got the box which says "You have chosen to open: firefox-patch.js which is: JavaScript File (610 bytes) from: https://faedijapanesepod101.net -- What should Firefox do with this file? (giving me several options to save it to a specific location, with my extensions (I have "DownThemAll!" installed), or simply save it on my computer (through the regular Firefox downloader), etc... I simply CLOSED the box, without allowing it to be downloaded.. I checked to make sure my Firefox was already up to date, and it WAS, so that's ALSO how I knew this popup was fake! Moving forward, as a precaution, I'm also about to clear my cookies AND turn back on AdBlockPlus, AND "NoScript" which I have, but they were purposely disabled at the time this incident occurred.. If I would have at least had NoScript ON, this probably wouldn't have happened (it might have TRIED, but it would have automatically been blocked)... I hope you find out who is behind this malware, and they get sent to prison and raped in their @55.... HARD, and without lubrication!

Add me to the list of people who just now encountered this error. I got the same "orange screen" that other people have screenshot.. And a "firefox-patch.js" file is trying to download from https://faedijapanesepod101.net (even though I did not browse to that page intentionally, for any reason).. I was just watching a music video on DailyMotion.com -- it was the video to the song "Gettin' Some" by female rapper "Shawna." The exact address of the video I was watching was (http://www.dailymotion.com/video/xr7a7_shawnna-gettin-some-head_music) <-- minus the paranthesis... But USUALLY, problems like that don't COME from dailymotion.. I feel like something ELSE caused my browser to redirect right then (some hidden cookie somewhere?)... So anyway, my browser got redirected to the orange page to download the malware.. I knew almost RIGHT AWAY that it was malware (because this is NOT the way Firefox usually updates), and when I got the box which says "You have chosen to open: firefox-patch.js which is: JavaScript File (610 bytes) from: https://faedijapanesepod101.net -- What should Firefox do with this file? (giving me several options to save it to a specific location, with my extensions (I have "DownThemAll!" installed), or simply save it on my computer (through the regular Firefox downloader), etc... I simply CLOSED the box, without allowing it to be downloaded.. I checked to make sure my Firefox was already up to date, and it WAS, so that's ALSO how I knew this popup was fake! Moving forward, as a precaution, I'm also about to clear my cookies AND turn back on AdBlockPlus, AND "NoScript" which I have, but they were purposely disabled at the time this incident occurred.. If I would have at least had NoScript ON, this probably wouldn't have happened (it might have TRIED, but it would have automatically been blocked)... I hope you find out who is behind this malware, and they get sent to prison and raped in their @55.... HARD, and without lubrication!
  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 10