Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system making the request. An attacker can craft a malicious page to send a silent NTLM request that will disclose the information without visibility in the client, leading to information disclosure. This is mitigated because NTLM v1 is disabled by default configurations.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tim Brown as the original reporter.
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.