From what I have read, that hotfix is to fix this issue. https://blog.mozilla.org/security/2015/02/27/getting-superfish-out-of-firefox/ To remove what the Lenovo removal tool misses - the Superfish Certificate. https://support.lenovo.com/us/en/product_security/superfish_uninstall Related Bug report. https://bugzilla.mozilla.org/show_bug.cgi?id=1136150 Platform: All Windows 8 Starting here - https://bugzilla.mozilla.org/show_bug.cgi?id=1136150#c11 - it sounds like "they" want or need that Hotfix to do "its thing" and then "be gone". IOW, remove the bad certificate and then be inactive. Then there's this - https://bugzilla.mozilla.org/show_bug.cgi?id=1136150#c11 - which says '''"Add-on removes itself after install."''' That has been done before with this add-on - https://addons.mozilla.org/en-US/firefox/addon/searchreset/ - it runs and then is gone. https://wiki.mozilla.org/Features/Desktop/Add-on_hotfix Unless I missed something in that Bug #1136150 report ... Maybe Ubuntu released or 'pushed' that hotfix for their installed Firefox user base on their own? After all Ubuntu builds their versions of Firefox separate from Mozilla, and updates them on their own thru their package manager.

I use ubuntu 12.04 & 14.04, and have Mozilla & Canonical builds of Firefox but have not noticed the hotfix. Maybe it was selective enough to detect superfish victims. It appears the hotfix extension is available as an add-on and may have been used for multiple purposes * https://addons.mozilla.org/firefox/addon/firefox-hotfix/ * https://wiki.mozilla.org/Features/Desktop/Add-on_hotfix ** https://hg.mozilla.org/releases/firefox-hotfixes/file