UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Network shell protocol is enabled in Firefox.


Overview

Finding ID Version Rule ID IA Controls Severity
V-57587 DTBF-0007 SV-71997r1_rule Medium
Description
Although current versions of Firefox have this set to disabled by default, use of this option can be harmful. This would allow the browser to access the Windows shell. This could allow access to the underlying system. This check verifies that the default setting has not been changed.
STIG Date
Mozilla Firefox 2017-03-22

Details

Check Text ( C-58419r3_chk )
Procedure:
In about:config, verify that the setting for the following Preference Name’s are set and locked.

"network.protocol-handler.external.shell", set to “false”.

Criteria:
If the values of the listed Preferences are not set and locked to these settings, then this is a finding.
Fix Text (F-62787r2_fix)
Set and lock the following preferences using the “Mozilla.cfg” file:
"network.protocol-handler.external.shell", set to "false".