Microsoft .NET Framework 3.5 SP1 registers a global Firefox Add-on that supports "ClickOnce" integration. When a page is served with a "application/x-ms-application" content-type, the page is re-requested with a Win32 application that bypasses the browser proxy settings. This behavior leaks the user's real IP address.