Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2010-15

Asynchronous Auth Prompt attaches to wrong window

March 23, 2010
Justin Dolske
Fixed in
  • Firefox 3.6.2


Mozilla developer Justin Dolske reported that the new asynchronous Authorization Prompt (HTTP username and password) was not always attached to the correct window. Although we have not demonstrated this, it may be possible for a malicious page to convince a user to open a new tab or popup to a trusted service and then have the HTTP authorization prompt from the malicious page appear to be the login prompt for the trusted page. This potential attack is greatly mitigated by the fact that very few web sites use HTTP authorization, preferring instead to use web forms and cookies.

This issue does not affect older versions of Firefox or products based on the Mozilla browser engine, such as Thunderbird and SeaMonkey, using an older version of the engine.