
As the title says, screenshots.firefox.com was vulnerable to an open redirect: one parameter did not fully validate its input, allowing any attacker to redirect the victim to a malicious URL.

I found this vulnerability using the “Google Hacking” technology, by typing into the Google search: site:*.firefox.com inurl:redirect. One of the first results was:

Then I decided to enter the suspicious web address and change the input of the endpoint redirect?to= to another link, and it definitely redirected me to the “malicious” link. I made the report to the Mozilla Security Team and in a few weeks the vulnerability was fixed.
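
One way to validate a parameter like redirect?to= on the server, shown as an added example that is not from the original post and is not Mozilla's fix. The base origin, the host allowlist and the sample paths are assumptions, and all inputs are constructed.

```javascript
// Added example: allowlist validation for a `redirect?to=` style parameter.
// BASE and ALLOWED_HOSTS are assumptions for this sketch, not Mozilla's config.
const BASE = "https://screenshots.firefox.com";
const ALLOWED_HOSTS = new Set(["screenshots.firefox.com"]);

function safeRedirectTarget(to, fallback = "/") {
  // Repeated query keys (?to=a&to=b) often arrive as arrays; accept strings only.
  if (typeof to !== "string" || to.length === 0) return fallback;
  // Browsers strip tabs/newlines and treat "\" as "/" in URLs, so a value can
  // look relative to a naive check yet resolve to another host. Reject outright.
  if (/[\u0000-\u001f\u007f\\]/.test(to)) return fallback;
  let url;
  try {
    // Resolve relative values against our own origin, as a browser would.
    url = new URL(to, BASE);
  } catch {
    return fallback;
  }
  if (url.protocol !== "https:") return fallback;     // no http:, javascript:, data:
  if (url.username || url.password) return fallback;  // no user@host confusion
  if (!ALLOWED_HOSTS.has(url.host)) return fallback;  // exact host (and port) match
  return url.href; // use the normalised form in the Location header
}

// Constructed sample inputs covering the cases the checks are written for.
const SAMPLES = [
  "/shots?page=2",
  "https://screenshots.firefox.com/settings",
  "https://other.example/",
  "//other.example/",
  "https://screenshots.firefox.com.other.example/",
  "https://screenshots.firefox.com@other.example/",
  "http://screenshots.firefox.com/",
  "javascript:void(0)",
];

function checkSamples() {
  return SAMPLES.map((to) => ({ to, target: safeRedirectTarget(to) }));
}

for (const { to, target } of checkSamples()) {
  console.log(`${to} -> ${target}`);
}
```

In an Express-style handler the result would be passed to the redirect call, for example res.redirect(safeRedirectTarget(req.query.to)).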

Finally, Mozilla appreciated the report and decided to award me with a Hall of Fame. I am mentioned in the 3rd Quarter of 2017.