Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Network shell protocol is enabled in FireFox.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15771 | DTBF105 | SV-16710r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Although current version of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed. |
| STIG | Date |
|---|---|
| Mozilla FireFox | 2013-04-08 |
Details
| Check Text ( C-16615r2_chk ) |
|---|
| Procedure: Open a browser window, type "about:config" in the address bar. Criteria: If the value of "network.protocol-handler.external.shell" is not "false" or is not locked, then this is a finding. |
| Fix Text (F-15988r2_fix) |
|---|
| Procedure: Set the value of "network.protocol-handler.external.shell" to "false". Use the Mozilla.cfg file to lock the preference so users cannot change it. |