Firefox ShowIP add-on privacy concerns

by certifiedbug on May 1, 2012

in Internet Security


A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security.

Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser.

Currently over 170,000 people are said to be using ShowIP.

What the add-on’s description doesn’t say is that since version 1.3 (released on April 19th 2012) it has also sent – unencrypted – the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called

The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer.


Mozilla blocks ScriptScan Add On

by certifiedbug on October 5, 2011

in Browser

McAfee ScriptScan has been blocked for your protection.

Why was it blocked?
This add-on causes a high volume of crashes.
Who is affected?
Users of McAfee ScriptScan versions 14.4.0 and below for all versions of Firefox and SeaMonkey.
What does this mean?

Users are strongly encouraged to disable the problematic add-on or plugin, but may choose to continue using it if they accept the risks described.

Surfing to the “Add-ons Blocklist” page one is greeted with,

This article is no longer maintained, so its content might be out of date.

Just saying… ;-)


Firefox and Thunderbird 6.0.1 released

by certifiedbug on August 31, 2011

in Browser,Software

If you do not receive an update notice when using the applications, select “Check for Updates” from the Help menu.

Mozilla addons site targeted in same attack that hit Google

“In the absence of a full account of mis-issued certificates from DigiNotar, the Mozilla team moved quickly to remove DigiNotar from our root program and protect our users.”

Download Firefox 6.0.1
Download Thunderbird 6.0.1

{ 1 comment }

Mozilla outs lethargic add-ons

by certifiedbug on April 6, 2011

in Browser

One I’d already disabled is listed in the top two, 74% slowdown. :-o

Add-ons provide many useful features and functions, but they can also cause Firefox to become slower. Some add-ons can even slow Firefox to a crawl and make it difficult to use for regular web browsing. If you think add-ons might be the reason Firefox is lethargic, check the list below for some of the biggest bottlenecks. And remember, for best performance you should disable add-ons that you no longer use regularly.

Add-ons with Slowest Start-up

The following add-ons have the most impact on how long it takes Firefox to start up.


Firefox blocks Skype add-on

January 21, 2011

Mozilla The current shipping version of the Skype Toolbar is one of the top crashers of Mozilla Firefox 3.6.13, and was involved in almost 40,000 crashes of Firefox last week. Additionally, depending on the version of the Skype Toolbar you’re using, the methods it uses to detect and re-render phone numbers can make DOM manipulation […]

Read the full article →

Firefox: Two Add-on security vulnerabilities

July 14, 2010

Mozilla Security Announcement. Mozilla Sniffer An add-on called “Mozilla Sniffer” was uploaded on June 6th to It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location. Upon discovery on July 12th, the add-on was disabled and added to the blocklist, […]

Read the full article →

NoScript-Adblock Plus mini wars

May 4, 2009

Posted by: Giorgio, NoScript. 2009-05-04 I screwed up. Big time. Not just with Adblock Plus users but with the Mozilla community at large. I did something extremely wrong, which I will regret forever. I abused the power and wasted the enormous trust capital gained by the NoScript add-on through the years to prevent Adblock Plus […]

Read the full article →

Content scrapers and Rogues

December 29, 2007

With more frequency I see content scrapers subscribe to security orientated blog feeds, simply to draw traffic to their own pages which link to Rogue anti-spyware programs. FeedEntryHeader is a useful WordPress plugin, allowing you to add a copyright statement with a link to the original article, at the top of your feed entries.

Read the full article →

FeedSmith Plugin for FeedBurner. Security Update

October 8, 2007

Potential security vulnerability Some WordPress plugins that permit the entry of user-entered values, such as older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into […]

Read the full article →

Blog life, plugging a plugin

October 4, 2007

For those going through ‘Simple Tagging’ withdrawal after installing WordPress 2.3 with native tags, you will be pleased to know Amaury Balmer has released Simple Tags. For WordPress 2.3 only, now you have no excuse not to upgrade.

Read the full article →