Firefox users are being targeted by awful websites that affectation a fake admonishing bulletin and then absolutely lock them out from using the browser.

Scammers have been found actively base a bug in Firefox to trick biting people into assertive that their computers have been hacked. What’s more, the attack urges users to call a counterfeit abutment line within five account to avoid having their systems disabled.

The poorly worded message, which has all the hallmarks of a scam, reads below:

Please stop and do not close the PC… The anthology key of your computer is locked. Why did we block your computer? The Windows anthology key is illegal. The Windows desktop is using pirated software. The Window desktop sends bacilli over the Internet. This Windows desktop is hacked. We block this computer for your safety.

Mozilla seems to be already aware of the issue for about three months now and is actively alive to boldness it. “Basic auth acceptance prompts can be abused for spamming users and burglary focus from the main [browser] window,” goes the description of the bug.

The browser lock (or browlock) exploit, which affects both Windows and macOS versions, works by bombarding users with ceaseless “authentication required” allotment prompts that anticipate users from abrogation or closing their browsers.

In this case, awful sites — such as d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html — have been accurately programmed via JavaScript to take advantage of the flaw to spam users with amaranthine popups.

It appears that, at least in one instance, the behind site was loaded upon beat a controllable link, suggesting a form of URL hijacking attack.

To get around the problem, you will have to manually abolish the browser action via the Windows Task Manager or use the Force Quit affection in macOS. But there’s a catch: if you’ve turned the restore tabs option on, you’ll be stuck in a perptual loop, with the only option being disconnecting from the internet before aperture the browser again.

It’s worth noting that Mozilla issued a fix for login prompt spam some 12 years after being appear starting with Firefox 68 back in July.

Read next: WhatsApp now lets you choose which contacts can add you to groups