Firefox must be configured to prevent JavaScript from disabling or replacing context menus.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-251556	FFOX-00-000012	SV-251556r807140_rule		Medium

Description
A website may execute JavaScript that can remove or replace context menus/pop-up menus. This can help disguise an attack. Set this preference to "false" so that web pages will not be able to affect the context menu event.

STIG	Date
Mozilla Firefox Security Technical Implementation Guide	2021-12-01

Details

Check Text ( C-54991r807138_chk )
Type "about:policies" in the browser address bar. If "dom.event.contextmenu.enabled" is not displayed with a value of "false", this is a finding.

Fix Text (F-54945r807139_fix)
Windows group policy: 1. Open the group policy editor tool with "gpedit.msc". 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\ Policy Name: Preferences Policy State: Enabled Policy Value: { "dom.event.contextmenu.enabled": { "Value": false, "Status": "locked" } } macOS "plist" file: Add the following: Preferences dom.event.contextmenu.enabled Value Status locked Linux "policies.json" file: Add the following in the policies section: "Preferences": { "dom.event.contextmenu.enabled": { "Value": false, "Status": "locked" } }

Fix Text (F-54945r807139_fix)

Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
"dom.event.contextmenu.enabled": {
"Value": false,
"Status": "locked"
}
}

macOS "plist" file:
Add the following:
Preferences

dom.event.contextmenu.enabled

Value

Status
locked

Linux "policies.json" file:
Add the following in the policies section:
"Preferences": {
"dom.event.contextmenu.enabled": {
"Value": false,
"Status": "locked"
}
}