Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Firefox is configured to allow JavaScript to change the status bar text.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57651 | DTBF-0019 | SV-72061r1_rule | Medium |
| Description |
|---|
| JavaScript can make changes to the browser’s appearance. This activity can help disguise an attack taking place in a minimized background window. Webpage authors can disable many features of a popup window that they open. Setting these preferences to true will override the author's settings and ensure that the feature is enabled and present in any popup window. This setting prevents the status bar from being hidden. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58473r2_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference Name’s are set and locked. “dom.disable_window_open_feature.status”, set to “true”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62853r1_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “dom.disable_window_open_feature.status”, set to “true”. |