This came up in a newsgroup post: http://groups.google.com/group/mozilla.dev.apps.firefox/browse_thread/thread/8bc68e7d0df5bf84/67c86ede83d85745#67c86ede83d85745 Filtering out the noise (and my bad grammar), there are a couple good points in there: 1) how to we let users know that we're redirecting them? 2) how can we make it easier for users to verify that they have the version we released? For #1, we could explain that users are being redirected to a (trusted) mirror site, and maybe a link to the mirror list page, on the redirect page e.g.: http://www.mozilla.com/en-US/products/download.html?product=firefox-126.96.36.199&os=linux&lang=en-US For #2, I'm not so sure if that's an appropriate place to link information about checking signatures, but we should have that info up somewhere (maybe linked from the release notes?).
For #1 and/or #2, the download page could have a link to the official list of Mozilla release mirrors, http://www.mozilla.org/mirrors.html , so they can verify that "wherever they're taken to" is on the official list.
Doing a bit of bug housekeeping here and came across this. Closing for now since this hasn't been updated in 4 years. If you think this is still important to fix, and applies to the current mozilla.com, please re-open. Thanks!