Launchpad.net

CVE 2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

See the CVE page on Mitre.org for more details.