During the last few weeks I’ve been looking at the security of some popular security extensions and one of the extensions that I checked out (which I also use myself) was HTTPS Everywhere. After some hours of analysis I managed to disable it by just viewing a HTML page. In fact, I managed to disable any extension and most (including HTTPS Everywhere) without any user interaction! Finding the bug I