Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

ierairosihanari.org keeps sending me a Firefox pop up while browsing? Whats up

more options

I am getting a Firefox update pop up from https ierairosihanari.org is that your company? If I screen copy the pop up and send you a pic will that corrupt my system?

I am getting a Firefox update pop up from https ierairosihanari.org is that your company? If I screen copy the pop up and send you a pic will that corrupt my system?

Chosen solution

Hi stevemoss, you are right to be suspicious, that fake patch is malware. This is not how Firefox updates itself. Mozilla also does not use bizarre unfamiliar server names.

These malware distribution sites seem to be using coded links that can't be viewed by support volunteers (we get a blank page).

Can you figure out from your history which site that tab might have launched from? One theory is that it comes from a bad ad in a page but it would be helpful to "name names" (or paste links) to the sites that are causing it.

And if you have never installed any add-ons to block ads, you might want to consider one. These are popular (Note: you would only want to use one at a time):

Read this answer in context 👍 0

All Replies (2)

more options

Chosen Solution

Hi stevemoss, you are right to be suspicious, that fake patch is malware. This is not how Firefox updates itself. Mozilla also does not use bizarre unfamiliar server names.

These malware distribution sites seem to be using coded links that can't be viewed by support volunteers (we get a blank page).

Can you figure out from your history which site that tab might have launched from? One theory is that it comes from a bad ad in a page but it would be helpful to "name names" (or paste links) to the sites that are causing it.

And if you have never installed any add-ons to block ads, you might want to consider one. These are popular (Note: you would only want to use one at a time):

more options

Separate issue, I think:

Next to your question, in the Question Details section, the More System Details link indicates that you have a very old Flash plugin (version 16). I'm surprised that hasn't been disabled yet, and I suggest updating ASAP. The main page to download a new installer is:

https://get.adobe.com/flashplayer/

If you do not want the current Flash 22 release, you can use the Extended Support Release of Flash 18 from the following page (about 2/3 of the way down):

https://www.adobe.com/products/flashplayer/distribution3.html