Dori Eldar

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 1.0.4 through 1.0.5 **Description** The issue is related to the authentication scheme used by the browser. According to the description, the browser does not choose the challenge with the strongest authentication scheme available as required by RFC2617. This might cause credentials to be sent in plaintext even if an encrypted channel is available. **Recommendations** For Mozilla Firefox versions 1.0.4 through 1.0.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.