Red Hat Bugzilla – Bug 145614
CAN-2005-0147 Browser responds to proxy auth request from non-proxy server (ssl/https)
Last modified: 2007-11-30 17:07:06 EST
=================================== Mozilla Security Advisory MSA05-009 =================================== Title: Browser responds to proxy auth request from non-proxy server (ssl/https) Severity: High Reporter: Christopher Nebergall Fixed in: Firefox 1.0 Mozilla Suite 1.7.5 Description ----------- If a proxy is configured the browser would respond to a 407 proxy auth request from any SSL-connected server rather than only responding to the configured proxy server. This could leak NTLM or SPNEGO credentials outside the organization. Workaround ---------- Upgrade to the fixed version References ---------- https://bugzilla.mozilla.org/show_bug.cgi?id=267263
This issue should also affect RHEL2.1
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-323.html