Unfortunately, someone has figure out how to redirect from ads on websites to the phishing page pushing the malware. If you don't accept the download pushed by the site, you don't get infected.

I don't know whether that can be blocked from within Firefox. However, you could consider using an ad blocker such as:

https://addons.mozilla.org/firefox/addon/ublock-origin/

See also: I found a fake Firefox update

The fake firefox-patch.js file is not from Mozilla or the Firefox web browser.

Mozilla has no need to host desktop Firefox downloads or updates elsewhere, especially not at random weird name websites.

The way Firefox updates are done has not changed as updates are done internally in Firefox (with a .mar type of file) whether on Windows, Mac OSX or Linux or by download from mozilla.org like say www.mozilla.org/firefox/all

Unfortunately this has gone on for a few months now with one or two new sites reported almost everyday. https://support.mozilla.org/en-US/forums/contributors/712056/ and https://support.mozilla.org/en-US/forums/contributors/712075

theraven44052 said

I haven't even downloaded Java on this machine yet. You people at Firefox/Mozilla need to get this fixed or you're going to lose a TON of users.

Note the JavaScript and Java Plugin are two separate things as JavaScript was originally going to be called LiveScript which would have limited confusion between two over the years. http://kb.mozillazine.org/JavaScript_is_not_Java

Mozilla would like to get the Ad network(s) dealing these malicious Ads dealt with however it is made harder due to only the original person to get the fake urgent update ad page was able to view it.