mozgcp.net Request / URL Injection #595
influential-eliot
started this conversation in
General
Replies: 2 comments
-
|
I think that normally, these URLs are only for external links comming from Mozilla websites, like the Firefox Addons page. Where are you seeing them? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thanks, yeah, I presumed that, too ... but wasn't sure. I am pretty sure that I have seen these links in emails within the Outlook PWA (running under this infrastructure) ... so ... yeah ... my 'privacy' nyerk immediately bounced! 😅 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hiya ... I'm pretty sure that it's not the PWA, but I'm wondering if the PWA can potentially be a part of the solution to addressing this.
I've noticed that a number of normal URLs (pick any) are being converted to run through this origin on the 'mozgcp.net' domain:
https://prod.outgoing.prod.webservices.mozgcp.netMy concern is that I've not noted this before ... it seems new ... and it seems to be Firefox related (ie. not malware).
If the URL was
https://pingpong.com/foomthen the URL would change to:https://prod.outgoing.prod.webservices.mozgcp.net/v1/WHAT_LOOKS_LIKE_SOME_KIND_OF_IDENTIFYING_STRING/https%3A//pingpong.com/foomSo ... whilst I don't really want to get started on a whole conversation about 'protective redirects' (like the built in Office URL protection when I'm using my 'Outlook' PWA via this Extension on Linux) I am a bit more curious and concerned about this one. Because this appears to be running at browser level ... and whilst it might well be Mozilla 'doing good' by protecting my links ... ... I didn't ask for this.
Oh, and the second reason it's concerning is that the owner of the domain is hiding behind a privacy protection service. (ironically located down the road from me!)
So, I'm just wondering if this is something that's ever come up, here ... really ... and if there were plans to handle it / address it.
Or ... is it actually something that the PWA is doing actively to protect links? (I doubt it, but I suppose I have to ask) :)
I've done a fair bit of research via a fair few StartPage searches and cannot seem to find 'owt about this at any official level of detail. So, y'know, I am not starting this discussion with any expectation of response or entitlement to a reply ... just thought I'd bring it up ... Equally ... it's entirely possible that every single time I've noted it that it was a mail (in the aforementioned Outlook PWA) that was made by Mozilla ...
Anyway ... yeah ... curious!
Beta Was this translation helpful? Give feedback.
All reactions