Closed Bug 1342300 Opened 8 years ago Closed 8 years ago

Firefox.Patch.js "Security Update," but not from Mozilla

Categories

(Firefox :: Security, defect)

51 Branch
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: n7kga, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 6.0; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Every few days while using Firefox, a bright orange screen will come up filling the computer screen, and asking me to install a Firefox security update entitled "Firefox.Patch.js" but it is not from Mozilla. The URL that appears is: https://peenainfernalrestraints.org/9483168149188/7dab2c330201527626651a0a67606a20/31f61249fdba9bbd1cd49d49157387e9.html

I think that this is a hoax, virus, or other computer hack attempt. I do not believe that it is from Mozilla. I am using the Bug Report Procedure, because it is the closest one on the Mozilla web page that I could find which might be closest.

Actual results:

Nothing yet. I have not "clicked" on the link provided. All I did was attempt to get as much information as I could without opening anything. I believe that this is a "security" problem, but I do not know of any other way to report it to you.

Ralph
n7kga@arrl.net
Whiteboard: Versioin 51.0.1
The closest I can find to a Firefox Version is 51.0.1
Your computer is probably infected by malware; see the FAQ to clean it: https://support.mozilla.org/t5/Procedures-to-diagnose-and-fix/Troubleshoot-Firefox-issues-caused-by-malware/ta-p/1595 As it's a support question, you should use the official support, not Bugzilla, which is not intended for that: https://support.mozilla.org/t5/Firefox/bd-p/Privacy-Security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Whiteboard: Versioin 51.0.1
The page you describe has been around for a while. It's a "social engineering" attempt to get you to download and open the "patch". If you do nothing it's not harmful, it's just a pop-up ad web page. People using other browsers often see a similar message except branded with their browser of choice. If you download and open the file it is a JScript file that will be run by the built-in Windows Scripting Host and infect your machine. Last time this was tracked down it was the Kovter malware, but I'm sure it could be easily adapted to the malware du jour. The source of the ads is unknown. The URL shown in the popup is a random host and quickly changes. This campaign has been going on for a while and hasn't been seen often on legit/popular sites -- most of the ad networks seem to be on the watch for it. If you are getting this a lot, look for patterns in your browsing to see if you can identify a common source site, and maybe from there we can figure out what ad network that site uses and start digging there. --OR-- you already have local ad-ware running (Loic's presumption in comment 2) and this is just one of the poor quality ads it's injecting into your browsing.
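The comment above notes that the downloaded file is JScript that the built-in Windows Script Host (WSH) runs when it is opened. As an added example (not part of the original bug thread), this read-only PowerShell audit shows which program a double-click on such files would launch and whether WSH has been disabled; the extension list and function names are assumptions of this example.

```powershell
# Added example (read-only): shows what a double-click on a script file
# would launch on this machine. Requires PowerShell 3.0 or later.

# Extensions that Windows Script Host handles by default (assumed list).
$extensions = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh'

function Get-DefaultValue([string]$Path) {
    # (default) value of a registry key, or nothing when the key is absent.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' }
}

function Get-ScriptHandler([string]$Extension) {
    # A per-user "Open with" choice, when present, overrides the class default.
    $choiceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $progId = (Get-ItemProperty -LiteralPath $choiceKey -ErrorAction SilentlyContinue).ProgId
    if (-not $progId) { $progId = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$Extension" }

    $command = $null
    if ($progId) {
        $command = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    }
    [pscustomobject]@{
        Extension = $Extension
        ProgId    = $progId
        Command   = $command
        # True when the open command is wscript.exe or cscript.exe.
        RunsInWsh = [bool]($command -match '\b[wc]script\.exe')
    }
}

function Get-WshSetting {
    # WSH refuses to run scripts when Enabled is 0; an absent value means enabled.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $val = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).Enabled
        [pscustomobject]@{ Hive = $hive; Enabled = $val }
    }
}

$extensions | ForEach-Object { Get-ScriptHandler $_ } | Format-List | Out-Host
Get-WshSetting | Format-Table -AutoSize | Out-Host
```

Where `RunsInWsh` is True for `.js`, opening a downloaded "patch" executes it; associating those extensions with a text editor, or setting `Enabled` to 0, removes that double-click execution path.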
I was having this bug in Firefox for several weeks. At the same time, I had a lot of trouble with the Adobe Flash plug-in after the recent update to 24.0 r0 in early March, so I set the Flash plug-in to "Ask to Activate." I have not seen the Firefox bug reported here since I set Flash to "Ask to Activate." I don't know if the two things are related, but I thought I would mention it.
If you think you still have the issue and think you could be infected by malware, you can use the free tool AdwCleaner. https://toolslib.net/downloads/viewdownload/1-adwcleaner/ You can eventually reset your current profile to keep only private data. https://support.mozilla.org/t5/Documents-Archive/Reset-Firefox-fix-most-problems/ta-p/13111