UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Network shell protocol is enabled in FireFox.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15771 DTBF105 SV-16710r3_rule Medium
Description
Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed.
STIG Date
Mozilla Firefox 2016-06-28

Details

Check Text ( C-16615r2_chk )
Procedure: Open a browser window, type "about:config" in the address bar.

Criteria: If the value of "network.protocol-handler.external.shell" is not "false" or is not locked, then this is a finding.
Fix Text (F-15988r3_fix)
Procedure: Set the value of "network.protocol-handler.external.shell" to "false" and lock using the Mozilla.cfg file.