Is this an insecure link...

Hi malware fighters,

Searching for taco add-on for firefox via Google search results I landed at: htxps://addons.update.mozilla.org/en-US/firefox/addon/11073?lang=nl
Then I saw the link in SRWare’s Iron browser alerted and in the URL bar I saw the address with https in red and crossed out. What is this redirection? I went back in my tracks. Can anyone verify?
Normally the http link directs to https, like

URL: hxtp://addons.update.mozilla.org/en-US/firefox/addon/1107…
Redirects: 301 → hxtps://addons.update.mozilla.org/en-US/firefox/addon/110…
302 → hxtps://addons.update.mozilla.org/nl/firefox/addon/11073

polonus

update.mozilla.com?

when i googled for taco addon, it give me this:

hXtps://addons.mozilla.org/en-US/firefox/addon/11073

Hi nmb,

htxps://update.mozilla.org/

You’re right, it should not be in the there in the search results, and it can be done with an additional registration of another site where the browser stops after hitting a 0 so every registered site can pose as something completely different, nice form of phishing…

The real stuff is where you find it, extension sets permanent opt-out cookies to stop behavioral advertising by 90 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies,
I am curious what lies beyond the hacked URL?

polonus

does this have anything to do with this:

http://bit.ly/gGGVU

I’m not totally sure of this but it is likely to be an innocent case. “[nobbc]http://addons.update.mozilla.org[/nobbc]” is still in mozilla.org domain and the warning is that it uses addons.mozilla.org certificate instead of addons.update.mozilla.org, hence, indicating the possibility of a fraud.

However, as nmb pointed out, it is true that there is a url-spoofing vulnerability in FF and the users should be warned especially since there are some poisoned https sites.