Firefox is not configured to provide warnings when a user switches from a secure (SSL-enabled) to a non-secure page.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15989 | DTBF130 | SV-16931r1_rule | Medium |
| Description |
|---|
| Users may not be aware that the information being viewed under secure conditions in a previous page are not currently being viewed under the same security settings. |
| STIG | Date |
|---|---|
| Mozilla Firefox Security Technical Implementation Guide | 2018-09-17 |
Details
| Check Text ( C-16629r1_chk ) |
|---|
| Type "about:config" in the browser window. Verify that the preference name “security.warn_leaving_secure" is set to “true” and locked. Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
| Fix Text (F-16003r1_fix) |
|---|
| Ensure the preference “security.warn_leaving_secure" is set to “true” and locked on this setting. |