VULHUB ™

It has been reported that Mozilla Browser is prone to an information disclosure vulnerability that may allow an attacker to steal user authentication credentials. The issue presents itself when the user attempts to connect to a malicious server subsequent to successfully authenticating to the trusted server. If the malicious proxy with a same realm as the trusted server sends the user a "407 Proxy authentication required" message, Mozilla will send the cached authentication credentials from the previous exchange with the trusted proxy to the malicious server. This is carried out regardless of the different domain name or IP address of the malicious server.

It has been reported that Mozilla Browser is prone to an information disclosure vulnerability that may allow an attacker to steal user authentication credentials. The issue presents itself when the user attempts to connect to a malicious server subsequent to successfully authenticating to the trusted server. If the malicious proxy with a same realm as the trusted server sends the user a "407 Proxy authentication required" message, Mozilla will send the cached authentication credentials from the previous exchange with the trusted proxy to the malicious server. This is carried out regardless of the different domain name or IP address of the malicious server.