Where did you install Firefox from? Help Mozilla uncover 3rd party websites that offer problematic Firefox installation by taking part in our campaign. There will be swag, and you'll be featured in our blog if you manage to report at least 10 valid reports!

Avatar for Username

Támogatás keresése

Kerülje el a támogatási csalásokat. Sosem kérjük arra, hogy hívjon fel egy telefonszámot vagy osszon meg személyes információkat. Jelentse a gyanús tevékenységeket a „Visszaélés bejelentése” lehetőséggel.

Learn More

A témacsoportot lezárták és archiválták. Tegyen fel új kérdést, ha segítségre van szüksége.

[Security Issue] Redirect block is useless without redirect info.

  • 2 válasz
  • 2 embernek van ilyen problémája
  • 4 megtekintés
  • Utolsó üzenet ettől: cor-el

mietekszczesniak
mietekszczesniak
more options

I turned on "Warn me when websites try to redirect or reload a page."

However, when I get the warning (plus an Allow button) I'm not told where the redirect leads. How am I supposed to decide whether I want to take that redirect or if it's safe if I have no idea where it's taking me?

At the very least, Firefox should display the redirect URL. It's also a good idea to tell the user whether it's a javascript redirect, a html meta tag redirect, or a 30x HTTP code - and if the latter, which one exactly. (Telling this could be an option for the more technically sophisticated users.)

And I sincerely hope that the redirect warning feature stops all of the above. Otherwise what's the point if it can be circumvented. (Please elaborate in response.)

With the NSA using redirects against even technically savvy targets (the infamous Slashdot/LinkedIn MitM/MotS against EU telecoms tech staff), having a tight control on redirects should be a security priority for Mozilla.

Please fix in the next point release.

A swift and successful resolution will result in a modest donation to Mozilla. Thank you.

I turned on "Warn me when websites try to redirect or reload a page." However, when I get the warning (plus an Allow button) I'm not told where the redirect leads. How am I supposed to decide whether I want to take that redirect or if it's safe if I have no idea where it's taking me? At the very least, Firefox should display the redirect URL. It's also a good idea to tell the user whether it's a javascript redirect, a html meta tag redirect, or a 30x HTTP code - and if the latter, which one exactly. (Telling this could be an option for the more technically sophisticated users.) And I sincerely hope that the redirect warning feature stops all of the above. Otherwise what's the point if it can be circumvented. (Please elaborate in response.) With the NSA using redirects against even technically savvy targets (the infamous Slashdot/LinkedIn MitM/MotS against EU telecoms tech staff), having a tight control on redirects should be a security priority for Mozilla. Please fix in the next point release. A swift and successful resolution will result in a modest donation to Mozilla. Thank you.

Módosította: mietekszczesniak,

Összes válasz (2)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Please note that this feature actually is very limited in purpose: it is meant to avoid confusing accessibility add-ons or users with accessibility challenges, and not to prevent all possible kinds of redirection. Hence its placement under Accessibility options rather than Security options.

To morph the functionality in a new direction, I suggest filing a bug report at: https://bugzilla.mozilla.org/. Such a change could take several versions to make it into the regular release of Firefox. In the meantime, perhaps you can find an extension that offers this protection?

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

See also:

  • Bug 685496 - (redirect-warn) Tracking bug for enhancements and bugs with "Warn Me when web sites try to redirect or reload the page" feature and the corresponding "Firefox prevented this page from automatically redirecting to another page" information bar