Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15985 | DTBF182 | SV-16927r1_rule | ECSC-1 | Medium |
Description |
---|
JavaScript can make changes to the browser’s appearance. Allowing a website to use JavaScript to raise and lower browser windows may disguise an attack. Browser windows may not be set as active via JavaScript. |
STIG | Date |
---|---|
Mozilla FireFox | 2012-09-05 |
Check Text ( C-16625r1_chk ) |
---|
In About:Config, verify that the preference name “dom.disable_window_flip" is set and locked to “true”. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
Fix Text (F-15997r1_fix) |
---|
Ensure the preference "dom.disable_window_flip" is set and locked to the value of “true”. |