Regressed Proxy authentication using cookies doesn’t work

Published: | Categories: Privacy & Security | Creative Commons BY-SA 3.0

Description

Firefox 35 has fixed a security bug that allowed cookie injections using a 407 Proxy Authentication HTTP response. As a side effect, legitimate cookie authentications for corporate intranet sites are no longer working because auth cookies cannot be set by proxy servers. Mozilla developers are discussing how to solve the issue securely. Firefox 31 ESR is available for enterprise users to workaround the issue.

References