Disable NTLM and Negotiate HTTP Auth
This is technically an embargoed Mozilla bug, so I probably shouldn't provide too many details.
Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt very many (or any of them) actually need it.
However, Mozilla's fix is going to be more involved and likely require several pref additions, and this issue is not as high a priority for them as it is for us.
We're just going to take the blunt approach and fully disable all forms of this auth.