Firefox is not configured to provide warnings when a user switches from a secure (SSL-enabled) to a non-secure page.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57659 | DTBF-0020 | SV-72069r1_rule | Medium |
| Description |
|---|
| Users may not be aware that the information being viewed under secure conditions in a previous page are not currently being viewed under the same security settings. |
| STIG | Date |
|---|---|
| Mozilla Firefox | 2017-03-22 |
Details
| Check Text ( C-58481r3_chk ) |
|---|
| Procedure: In about:config, verify that the setting for the following Preference names are set and locked. “security.warn_leaving_secure”, set to “true”. Criteria: If the values of the listed Preferences are not set and locked to these settings, then this is a finding. |
| Fix Text (F-62861r1_fix) |
|---|
| Set and lock the following preferences using the “Mozilla.cfg” file: “security.warn_leaving_secure”, set to “true”. |