Mozilla Foundation Security Advisory 2015-117

Information disclosure through NTLM authentication

Announced
November 3, 2015
Reporter
Tim Brown
Impact
Low
Products
Firefox
Fixed in
  • Firefox 42

Description

Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system making the request. An attacker can craft a malicious page to send a silent NTLM request that will disclose the information without visibility in the client, leading to information disclosure. This is mitigated because NTLM v1 is disabled by default configurations.

References