Browser Add-ons, Flock, Mozilla, Mozilla Add-ons, Mozilla Firefox, Mozilla Firefox for Mobile, Netscape Navigator, Software, URL Fixer

URL Fixer Has Been Acquired

Update: URL Fixer was acquired and is now hosted at

URL Fixer, one of the first add-ons I wrote for Firefox, has been acquired! It is now being managed by the team at

URL Fixer was inspired in 2006 by this Firefox bug report. Since then, it has been a featured add-on on the Mozilla Add-ons Gallery, it was one of the first add-ons to be compatible with Mobile Firefox, and it placed in the Extend Firefox 2 contest. It used to be compatible with both SeaMonkey and Flock (remember Flock?); its functionality was included in Netscape Navigator 9, and it was at one point under consideration to be included in Firefox 3.

URL Fixer has also been the subject of several experiments: it was the source of the statistics I used in my examination of what people type in the address bar, and it was the add-on I used to test the feasibility of selling a freemium browser add-on.

The new team in charge of URL Fixer recently released version 4, which you can install without needing to restart Firefox; I’m looking forward to seeing what other improvements they make and in what direction they take the add-on. Please note: support questions should no longer go to me; please send them to

JavaScript, Mozilla Firefox, Netscape Navigator, Pownce, Safari, Web 2.0, Web Applications

Pownce has a big security problem

Kevin Rose’s latest project, Pownce, has a glaring security problem on its front page. The JavaScript that Pownce uses in its login form can reveal your password in plain text on the screen. Here are the steps to reproduce the problem in Firefox:

  1. Login to Pownce via Allow Firefox to save your login information for next time, and then log out.


  2. Navigate to and type the first part of your username in the “Enter username…” box. Firefox will supply all of the matching usernames it remembers for this site. (So far, so good.)

    Using Firefox

  3. Select your username and press return to have the browser autofill the rest of your information. Oh look, there’s your Pownce password in plain view! I hope no one in the room was watching you login…

    Hey look, it

The method that Pownce is using to show the “Enter password…” prompt in the password field is the reason for this malfunction; browsers force all text in password fields to be hidden with asterisks, so if you want to show normal text in a password field like Pownce has chosen to, you have to do so in a non-standard way.

This bug affects Firefox and Netscape users who have JavaScript enabled, but it doesn’t affect Safari users.