Mozilla's NTLM implementation is vulnerable to reflection attacks in
which NTLM credentials from one application could be forwarded to
another arbitary application via the browser. If an attacker could get
a user to visit a web page he controlled he could force NTLM
authenticated requests to be forwarded to another application on
behalf of the user.