Archive

Posts Tagged ‘IE’

Blackhat talk: Language of Trust aka Attacking Interoperability by Mark Dowd, Ryan Smith and David Dewey

July 30th, 2009

Interoperability is everywhere in browsers: Java <-> VBScript, VBScript <-> .NET, .NET <-> JavaScript, JavaScript <-> DOM, etc. This interoperability presents a large attack surface, which up to now has not been well explored.

There is a lot of code involved in converting types between various languages.


Kerberos Based SSO and Apache

June 30th, 2009

Similar to OpenSSH Authentication Using Kerberos, but this time transparent Kerberos authentication via Apache against Active Directory using mod_auth_kerb. This enables SSO from IE and Firefox on Apache; the IE and Firefox configurations needed to enable this are also described in the document.

Abstract: The Apache authentication module mod_auth_kerb allows Apache to authenticate users against a Kerberos KDC including one from Active Directory. Kerberos itself can be fairly complex to set up. This guide will attempt to show the specific steps required to make this possible as well as discuss security limitations specific to the interoperability matters. This guide assumes a basic understanding of Kerberos V and that the Active Directory domain controller is properly configured prior to starting this process.

Technical Analysis: Apache with mod_auth_kerb and Windows Server