Network shell protocol is enabled in Firefox.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57587 | DTBF-0007 | SV-71997r1_rule | Medium |
| Description |
|---|
| Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58419r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. "network.protocol-handler.external.shell", set to “false”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62787r2_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: "network.protocol-handler.external.shell", set to "false". |