Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Firefox allows sites to show FALSE link destinations

more options

If you do a Google image search and click on an image to expand it, you'll see two links on the right to the website.

If you rollover these links, Firefox shows the supposed destination URL in the bottom left hand corner - however - if you right click these links and copy the destination - the TRUE destination is different and contains tracking information.

Isn't this a huge security problem? If a site can "show you" one destination URL but it actually leads somewhere else. I don't want a web browser that allows sites to trick me into thinking the destination is something other than what it is.

Can anyone advise?

If you do a Google image search and click on an image to expand it, you'll see two links on the right to the website. If you rollover these links, Firefox shows the supposed destination URL in the bottom left hand corner - however - if you right click these links and copy the destination - the TRUE destination is different and contains tracking information. Isn't this a huge security problem? If a site can "show you" one destination URL but it actually leads somewhere else. I don't want a web browser that allows sites to trick me into thinking the destination is something other than what it is. Can anyone advise?

所有回复 (7)

more options

Hello MartyJames, Redirects are a common nuisance all over the web. Firefox security settings can help block some of them and there a number of extensions available. For example: Skip Redirect

more options

Surely the browser should be able to prevent it?

I presume what Google is doing is changing the link target at the moment the user clicks the link. Firefox should prevent this from happening by keeping all link targets fixed and locked?

more options

Hi MartyJames, I wouldn't go as far as saying that Google is doing this intentionally. Search for 'Google Images Redirects.' Redirects are an avenue for malicious content , trojans and viruses. They should be treated as such and appropriate security should be used against them. No anti-virus, anti-malware, content blocker, adblocker, etc. is 100% effective. The best approach that I have found is to "layer" your protection. I might not be able to stop that redirect but I can block the trojan that it leads to.

Good Luck!

more options

This is how Google search works. If you open a link then this link is checked against the Google Safe Browsing website to make sure that the link is safe. This is done via an onclick handler that is used instead of the href attribute that Firefox shows when you hover a link.

more options

MartyJames said

I presume what Google is doing is changing the link target at the moment the user clicks the link.

When I check the page in Firefox, there is an event handler that runs halfway through a click that changes the href value:

<a href="https://www.mozilla.org/en-US/firefox/new/" onmousedown="return rwt(this,'','','','1','AOvVaw0vazKuR14XhwfqVIbMkqKU','','2ahUKEwjryZb-m4bjAhXQX80KHfG0B5sQFjAAegQIARAB','','',event)" hreforiginal="https://www.mozilla.org/en-US/firefox/new/"><h3 class="LC20lb">Download Firefox — Free Web Browser — Mozilla</h3>...</a>

On Chrome, it's a bit different, the tracking is more transparent:

<a href="https://www.mozilla.org/en-US/firefox/new/" ping="/url?sa=t&source=web&rct=j&url=https://www.mozilla.org/en-US/firefox/new/&ved=2ahUKEwiPwL-wnobjAhVOUs0KHRD2AcYQFjAAegQIABAB" hreforiginal="https://www.mozilla.org/en-US/firefox/new/"><h3 class="LC20lb">Download Firefox — Free Web Browser — Mozilla</h3>...</a>

Firefox should prevent this from happening by keeping all link targets fixed and locked?

There are scenarios where href changes are not done for tracking or evil, but to account for other data in the page. Also, if this was banned, the same could be accomplished by calling a script method to navigate the page (e.g., location.href or window.open) without having to change the href. So it's a tricky problem.

Anyway, my workaround is to use this extension: https://addons.mozilla.org/firefox/addon/google-search-link-fix/

more options

Thanks for the replies.

jscher2000, Thanks once again. An excellent answer as always.

I just think Firefox is too "liberal" by default. Things like allowing clipboard interaction, allowing hidden text to be copied to the clipboard, right button interaction (I've disabled all these), allowing scripts to navigate the page, etc. I don't want anything so complicated in a browser, or sites doing things I'm not aware of. I just want old-fashioned WYSIWYG html. Nothing "hidden".

I think Firefox should have a nice big button in the settings called "Simple Mode" which disables ALL unnecessary security risks. Navigation is restricted to conventional (visible) html links and buttons. Then you can whitelist sites you trust if you want to give them more advanced functionality.

As for the add-on you recommended, thanks that looks really good, though I am nervous about installing add-ons. Firefox says it can access all my data for all sites, so I have to assume all that data (including every email I send) will be logged and sent home - to God knows whom!

I've told Firefox about this before, but merely giving us a list of things which add-ons can access is useless. All we really need to know about add-ons is: Do they send telemetry? Mozilla should implement a verification system for add-ons which verifies them as 100% local and telemetry-free. This is the information we really need about add-ons. I don't care what information an add-on can "see" as long as it's not going online.

由MartyJames于修改

more options

MartyJames said

As for the add-on you recommended, thanks that looks really good, though I am nervous about installing add-ons. Firefox says it can access all my data for all sites, so I have to assume all that data (including every email I send) will be logged and sent home - to God knows whom!

As far as I can tell, it doesn't exfiltrate data, but I agree that the permission is broader than necessary.

I've told Firefox about this before, but merely giving us a list of things which add-ons can access is useless. All we really need to know about add-ons is: Do they send telemetry? Mozilla should implement a verification system for add-ons which verifies them as 100% local and telemetry-free. This is the information we really need about add-ons. I don't care what information an add-on can "see" as long as it's not going online.

The Add-ons team regularly updates its screening tools, but it is a little tricky reading code.