UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Firefox is configured to allow JavaScript to disable or replace context menus.


Overview

Finding ID Version Rule ID IA Controls Severity
V-57647 DTBF-0017 SV-72057r1_rule Medium
Description
A context menu (also known as a pop-up menu) is often used in a graphical user interface (GUI) and appears upon user interaction (e.g., a right mouse click). A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application. A website may execute JavaScript that can make changes to these context menus. This can help disguise an attack. Set this preference to “false” so that webpages will not be able to affect the context menu event.
STIG Date
Mozilla Firefox 2017-03-22

Details

Check Text ( C-58469r2_chk )
Procedure:
In about:config, verify that the setting for the following Preference Name’s are set and locked.

“dom.event.contextmenu.enabled”, set to “false”.

Criteria:
If the values of the listed Preferences are not set and locked to these settings, then this is a finding.
Fix Text (F-62847r2_fix)
Set and lock the following preferences using the “Mozilla.cfg” file:
“dom.event.contextmenu.enabled”, set to “false”.