Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15779 | DTBF181 | SV-16718r1_rule | Medium |
Description |
---|
JavaScript can make changes to the browser’s appearance. This activity can help disguise an attack taking place in a minimized background window. Set browser setting to prevent scripts on visited websites from moving and resizing browser windows. |
STIG | Date |
---|---|
Mozilla Firefox | 2017-03-22 |
Check Text ( C-16624r1_chk ) |
---|
In About:Config, verify that the preference name “dom.disable_window_move_resize" is set and locked to “true”. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
Fix Text (F-15996r1_fix) |
---|
Ensure the preference "dom.disable_window_move_resize" is set and locked to the value of “true”. |