
I am having a strange issue where dragging and dropping an email onto a Mozilla Firefox window redirects the first tab to one of several websites, and the second tab opens with some text from the message in the address bar. I have been able to repeat this on clean systems.

Am I the only one? Is this an indication of compromise on the host machine? Recommendations on next steps? Can you reproduce this issue? And finally, what's the best method for reporting this issue to Mozilla Firefox support/development?

[Screenshots: dragging, redirect, second tab]

schroeder
skrap3e
  • This seems more like a bad implementation than a compromised machine. – Tom K. Nov 29 '17 at 23:45
  • Agreed, this is certainly a bug in Firefox or something, but there's nothing to indicate that there's any security implication. – Mike Ounsworth Nov 30 '17 at 18:59
  • Certainly there is something to indicate it has a security implication, it redirects to malware hosting domains. – skrap3e Dec 04 '17 at 20:16
  • @lasersauce it is not URL redirection. It's text being interpreted as a URL and going to a registered domain. – schroeder Mar 09 '18 at 21:48
  • That doesn't look like a malware hosting domain. What you are seeing is a domain which is for sale. – forest Mar 10 '18 at 02:20

1 Answer


I don't think that it has anything to do with malware; from what I see, it is just another tricky way of getting traffic to the website.

Another tricky way that leads from this website ww9.fromsubjectreceivedsizecategories.com is mistyped domains, which are owned by scammers.

REAL: establishedmen.com 
FAKE (mistyped): establishedmem.com

Here is a nice article about it: https://nakedsecurity.sophos.com/typosquatting/

Mirsad
  • The links are just as often malware hosting domains, as they are innocuous traffic generating ad portals. I'd think that's a security issue. – skrap3e Dec 04 '17 at 20:16
  • @lasersauce no, there isn't. The browser is trying to make sense of the email file and is trying to interpret the text. There are tons of domains that are registered with random text for various purposes, including hosting malware. This is not an issue with your local email client. – schroeder Mar 09 '18 at 21:46