Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251550	FFOX-00-000006	SV-251550r807122_rule		Medium

Description
Some files can be downloaded or execute without user interaction. This setting ensures these files are not downloaded and executed.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2021-12-01

Details

Check Text ( C-54985r807120_chk )
Type "about:preferences" in the browser address bar. Type "Applications" in the Find bar in the upper right. Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC. If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding. If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, this is a finding.

Check Text ( C-54985r807120_chk )

Type "about:preferences" in the browser address bar.

Type "Applications" in the Find bar in the upper right.

Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC.

If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding.

If an extension exists and the entry in the Action column is associated with an application that does/can execute the code, this is a finding.

Fix Text (F-54939r807121_fix)
Remove any unauthorized extensions from the auto-download list.