CVE-2005-4874

The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain 1 proxy authentication passwords via a request with a "Max-Forwards: 0" header or 2 arbitrary local passwords on the web server that hosts this object...