Firefox 52 has introduced a regression where the users cannot sign in to a site which is served via TLS 1.2 and requires an NTLM authentication. The reported application is SharePoint Server 2016 but other sites may also be affected.
According to an investigation by Microsoft, this is due to the fact that Firefox does not downgrade the connection to HTTP/1.1 upon authentication even though NTLM is not compatible with HTTP/2.
Mozilla developers are looking for the solution. Meanwhile, users can temporarily disable HTTP/2 by flipping the hidden
network.http.spdy.enabled.http2 preference through
about:config to work around the issue.
Update: This issue has been fixed with Firefox 53 and Firefox ESR 52.1.