Sophos, the highly regarded U.K. security software company, has just announced the discovery of a serious privacy leak emanating from the popular Firefox add-on ‘ShowIP’.
According to the Mozilla add-on page, there are currently 169,000 people utilizing ShowIP. Here is ShowIP’s offcial description:
8220;Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.”
What it doesn’t tell you is that since version 1.3 (released on April 19th) ShowIP has also sent unencrypted details of sites visited using HTTPS and sites viewed in Private Browsing mode, to a German based website called ‘ip2info.org’. To add further intrigue, the ‘ip2info’ domain is apparently registered to a link marketing firm based in Berlin… Hmm.
Mozilla is now aware of the problem and have rolled the version of ShowIP available from their official add-on site back to 1.0 (which does not include the data forwarding), and are reportedly working with the developer to correct the issue. I guess that’s a step in the right direction but surely Mozilla’s initial review and acceptance policy should be capable of identifying any such issues before an add-on is released for public consumption.
DCT’s advice to ShowIP users would be to either disable or uninstall the add-on immediately. A very good alternative – ‘Flagfox’ – is available HERE.
If you absolutely, definitely cannot live without ShowIP, we strongly suggest you rollback to version 1.0 asap.
<Sophos original report HERE>