Network shell protocol is enabled in FireFox.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15771 | DTBF105 | SV-16710r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Although current version of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed. |
| STIG | Date |
|---|---|
| Mozilla FireFox | 2012-09-05 |
Details
| Check Text ( C-16615r1_chk ) |
|---|
| Procedure: Open a browser window, type "about:config" in the address bar. Criteria: If the "network.protocol-handler.external.shell" value is "false", then this is not a finding. |
| Fix Text (F-15988r1_fix) |
|---|
| Set the "network.protocol-handler.external.shell" value to "false" |