Firefox HTTP Prefetch feature leaks unencrypted site accesses, ignoring rewrite rules
Firefox supports a feature called HTTP Prefetch, where an HTML page can "hint" that a user is likely to access a particular page in the near future. Firefox can (and by default does) load the relevant URL even before the user clicks on this.
Google search results (in some circumstances) contain HTML code that requests a prefetch of the top search result. (Google is not necessarily the only site that triggers this problem!) Firefox will, by default, then load this page, ignoring any potentially applicable HTTPS Everywhere rewrite rules. For instance, if the top search result is a Wikipedia page, Firefox will load that page in plaintext in the background, even though HTTPS Everywhere has a rule that should force the Wikipedia page access to be rewritten. (Actually clicking on the link results in HTTPS Everywhere rewriting it, but the browser has already loaded the unencrypted version!)
See https://mail1.eff.org/pipermail/https-everywhere/2010-July/000025.html for more discussion of this problem.
See also https://developer.mozilla.org/en/link_prefetching_faq for discussion of HTTP Prefetch. (You can turn it off entirely, but I don't know whether that's the right solution.)