Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

I had a "critical update" for Firefox appear as a new tab, from a strange web address, so I canceled it --- should I have let it install?

more options

I was on a website, reading some information, when suddenly the screen changed to the Firefox logo on an orange background. The screen said I had to download and install a "critical update" for Firefox, but the web address I was to download it from was a long, strange name that I'd never heard of before --- it certainly was NOT from Mozilla. I canceled the download, and the screen disappeared, i.e., returned to the website I was previously looking at.

Was this legitimate or bogus? Should I have downloaded it?

I wish I could remember the web address. Interestingly, when I went to my history to see it, there was no record of the address.

I was on a website, reading some information, when suddenly the screen changed to the Firefox logo on an orange background. The screen said I had to download and install a "critical update" for Firefox, but the web address I was to download it from was a long, strange name that I'd never heard of before --- it certainly was NOT from Mozilla. I canceled the download, and the screen disappeared, i.e., returned to the website I was previously looking at. Was this legitimate or bogus? Should I have downloaded it? I wish I could remember the web address. Interestingly, when I went to my history to see it, there was no record of the address.

Chosen solution

You did the right thing.

As you know, Firefox has an internal updater. You won't be redirected to websites with peculiar addresses for a legitimate update.

For more than a month there has been a pattern of orange pages with a Firefox logo that pop up a download dialog for a fake update/patch which installs malware on your system if you open/run it. Unfortunately, anyone can create an orange web page and steal the Firefox logo image, so you definitely cannot rely on appearances. Checking the address was smart.

Recently, these phishing/malware sites are launching on new addresses every day, outstripping the ability of Firefox's built-in bad site blocker to keep up.

Since the redirects to these sites seem to be pushed by ads on popular sites, you could consider using an ad blocking extension such as:

https://addons.mozilla.org/firefox/addon/ublock-origin/

If you want to report the site as a fraud: I found a fake Firefox update

And if you did open/run the download, please try cleaning your system using Malwarebytes Anti-Malware (the free version or trial version will work): https://www.malwarebytes.com/mwb-download/

You also could try some of the other tools or specialized forums in our support article: Troubleshoot Firefox issues caused by malware.

Read this answer in context 👍 3

All Replies (2)

more options

Chosen Solution

You did the right thing.

As you know, Firefox has an internal updater. You won't be redirected to websites with peculiar addresses for a legitimate update.

For more than a month there has been a pattern of orange pages with a Firefox logo that pop up a download dialog for a fake update/patch which installs malware on your system if you open/run it. Unfortunately, anyone can create an orange web page and steal the Firefox logo image, so you definitely cannot rely on appearances. Checking the address was smart.

Recently, these phishing/malware sites are launching on new addresses every day, outstripping the ability of Firefox's built-in bad site blocker to keep up.

Since the redirects to these sites seem to be pushed by ads on popular sites, you could consider using an ad blocking extension such as:

https://addons.mozilla.org/firefox/addon/ublock-origin/

If you want to report the site as a fraud: I found a fake Firefox update

And if you did open/run the download, please try cleaning your system using Malwarebytes Anti-Malware (the free version or trial version will work): https://www.malwarebytes.com/mwb-download/

You also could try some of the other tools or specialized forums in our support article: Troubleshoot Firefox issues caused by malware.

more options

By the way, the mechanism you described sounds like a new twist if the site did not end up in your history and you did not need to go Back to the site you were on. Maybe they are exiting their page in a new way that removes that data to try to avoid getting caught.

(This is possible using the location.replace() script method to load a new place in place of the current one, replacing the current page in your history with the new one.)