Firefox is configured to allow JavaScript to move or resize windows.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57603 | DTBF-0015 | SV-72013r1_rule | Medium |
| Description |
|---|
| JavaScript can make changes to the browser’s appearance. This activity can help disguise an attack taking place in a minimized background window. Set browser setting to prevent scripts on visited websites from moving and resizing browser windows. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58435r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “dom.disable_window_move_resize", set to “true”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62803r2_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “dom.disable_window_move_resize”, set to “true”. |