Firefox is configured to allow JavaScript to raise or lower windows.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57643 | DTBF-0016 | SV-72053r1_rule | Medium |
| Description |
|---|
| JavaScript can make changes to the browser’s appearance. Allowing a website to use JavaScript to raise and lower browser windows may disguise an attack. Browser windows may not be set as active via JavaScript. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58465r2_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “dom.disable_window_flip”, set to “true”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62845r1_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “dom.disable_window_flip”, set to “true”. |