Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2005-09

Browser responds to proxy auth request from non-proxy server (ssl/https)

Announced
January 21, 2005
Reporter
Christopher Nebergall
Impact
High
Products
Firefox, Mozilla Suite
Fixed in
  • Firefox 1
  • Mozilla Suite 1.7.5

Description

If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization.

Workaround

Upgrade to the fixed version

References

https://bugzilla.mozilla.org/show_bug.cgi?id=267263