UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox is configured to allow JavaScript to raise or lower windows.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15985 DTBF182 SV-16927r1_rule ECSC-1 Medium
Description
JavaScript can make changes to the browser’s appearance. Allowing a website to use JavaScript to raise and lower browser windows may disguise an attack. Browser windows may not be set as active via JavaScript.
STIG Date
Mozilla FireFox 2014-07-03

Details

Check Text ( C-16625r1_chk )
In About:Config, verify that the preference name “dom.disable_window_flip" is set and locked to “true”.

Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding.
Fix Text (F-15997r1_fix)
Ensure the preference "dom.disable_window_flip" is set and locked to the value of “true”.