Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability

Mozilla Firefox and SeaMonkey are prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to forward a user's NTLM (NT LAN Manager) credentials used in one application to gain unauthorized access to another application.

NOTE: This issue was previously covered in BID 37349 (Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities), but has been assigned its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus