A California woman is suing both Lenovo and Superfish, after the PC maker was found shipping laptops to consumers with Superfish adware pre-installed.

Security experts warn that Superfish adware leaves users vulnerable to man-in-the-middle (MitM) attacks via a self-signed root certificate, which could allow a saboteur to intercept users' encrypted SSL connections.

Reports of the adware-laden Lenovo laptops went viral last week, around the time Jessica Bennett, of San Diego, filed a lawsuit against the companies in a federal court. On Monday, Ars Technica published the court documents (PDF) filed Thursday by Bennett, who seeks class-action status for the suit.

Bennett accused the firms of violating the California Invasion of Privacy Act, federal wiretap law and a state law governing unfair business competition.

The Electronic Frontier Foundation (EFF) has published steps to uninstall Superfish. Lenovo stopped preloading the adware in January.