Closed Bug 1526962 Opened 2 years ago Closed 2 years ago

[ja] Verify existing mailto protocol handler and switch to https

Categories

(Mozilla Localizations :: ja / Japanese, enhancement)

Product:
Mozilla Localizations
Component:
ja / Japanese
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: flod, Assigned: flod)

References

Details

Firefox and Firefox for Android have the following mailto protocol handler, still using http. We should verify if it's still relevant, and update it to https where possible.

http://compose.mail.yahoo.co.jp/ym/Compose?To=%s

The https doesn't seem to be loading for me. Does it make sense to keep it?

Flags: needinfo?(chimantaea_mirabilis)

The current URL works and redirect to compose page. The redirected URL is "https://".
However, http"s"://compose.mail.yahoo.co.jp/ doesn't load nor redirect to compose page.

We should keep it.

Flags: needinfo?(chimantaea_mirabilis)

(In reply to Masahiko Imanaka [:marsf] from comment #1)

The current URL works and redirect to compose page. The redirected URL is "https://".
However, http"s"://compose.mail.yahoo.co.jp/ doesn't load nor redirect to compose page.

We should keep it.

The problem is that because it's not https, we transmit the recipient email address and potentially other fields (subject/message) as plaintext, ie without encryption. This means we leak private data e.g. to the user's ISP or other passive MITM attackers. This is a privacy/security risk.

Isn't there an https: equivalent for this URL?

Flags: needinfo?(chimantaea_mirabilis)

I tried some https URLs with "To" parameter.
This URL works with no redirect and keeps https:
https://jp.mg5.mail.yahoo.co.jp/ym/Compose?To=%s

"jp.mg5.mail.yahoo.co.jp/" is the current domain of Yahoo! Japan mail.
From "mg1" to "mg4" are all redirected to "mg5" (mg1 and mg3 were beta version of the webmail).
I'm not sure "jp.mg5" part will be changed in the future.

Flags: needinfo?(chimantaea_mirabilis)

Thanks. Unfortunately that doesn't look like a stable URL to use. Let's see if we can get some answers through our BD department.

(In reply to Francesco Lodolo [:flod] from comment #4)

Thanks. Unfortunately that doesn't look like a stable URL to use. Let's see if we can get some answers through our BD department.

Any answers forthcoming? :-)

Flags: needinfo?(francesco.lodolo)

Thank you for the heads up on this. I'm seeking a contact who can help us.

We've been told by Yahoo Japan that this should work:

https://mail.yahoo.co.jp/compose/?To=mailto%3Afoo%40isp.com%3FCc%3Dbar%40isp.com%26Subject%3DHello

Flags: needinfo?(francesco.lodolo)

Can you confirm if this works?

Flags: needinfo?(chimantaea_mirabilis)

(In reply to Francesco Lodolo [:flod] from comment #8)

Can you confirm if this works?

Yes, I confirmed it works fine.
Its connection to "jp.mg5.mail.yahoo.co.jp" are all encrypted.

Flags: needinfo?(chimantaea_mirabilis)

Thanks, landed in
https://hg.mozilla.org/l10n-central/ja/rev/955d3a2ae43a5f87ab79cda281e82f407993b2ac
https://hg.mozilla.org/l10n-central/ja-JP-mac/rev/243a244153a3414c26eff48d2bed35d1954d6946

Assignee: nobody → francesco.lodolo
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Blocks: 1526890
You need to log in before you can comment on or make changes to this bug.