Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Firefox is configured to allow JavaScript to hide or change the status bar.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15987 | DTBF184 | SV-16929r1_rule | ECSC-1 | Medium |
| Description |
|---|
| When a user visits some webpages, JavaScript can hide or make changes to the browser’s appearance to hide unauthorized activity. This activity can help disguise an attack taking place in a minimized background window. Determines whether the text in the browser status bar may be set by JavaScript. Set and lock to True (default in Firefox) so that JavaScript access to preference settings for is disabled. |
| STIG | Date |
|---|---|
| Mozilla FireFox | 2012-09-05 |
Details
| Check Text ( C-16627r1_chk ) |
|---|
| Type "about:config" in the address bar of the browser. Verify that the preference “dom.disable_window_status_change" is set and locked to “true”. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
| Fix Text (F-15999r1_fix) |
|---|
| Ensure the preference "dom.disable_window_status_change" is set and locked to the value of “true”. |