Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15990 | DTBF017 | SV-16932r1_rule | ECSC-1 | Medium |
Description |
---|
The browser home page parameter specifies the web page that is to be displayed when the browser is started explicitly and when product-specific buttons or key sequences for the home page are accessed. This helps to mitigate the possibility of automatic inadvertent execution of script added to a previously safe site. |
STIG | Date |
---|---|
Mozilla FireFox | 2013-04-08 |
Check Text ( C-24153r1_chk ) |
---|
Type "about:config" in the address bar of the browser. Verify that the preference "browser.startup.homepage" is set and locked to blank or an authorized and trusted website such as "https://www.us.army.mil/suite/page/429668" Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
Fix Text (F-20405r1_fix) |
---|
Ensure the preference "browser.startup.homepage" is set and locked to blank or the URL for a .mil or other trusted website. |