As you have read in the title, was vulnerable to open redirect because one parameter do not fully validate the input allowing any attacker to redirect the victim to a malicious url.

I found this vulnerability using the “Google Hacking” technology, by typing in the google search: site:* inurl:redirect, one of the first results was:

Then I decided to enter the suspicious web address and change the input of the endpoint redirect?to= to other link, and definitely, redirect me to the “malicious” link. I made the report to Mozilla Security Team and in a few weeks the vulnerabily was fixed.

Finaly, Mozilla appreciated the report and decided to award me with a Hall of Fame. I am mentioned in 3rd Quarter of 2017.