
Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.


Overview

Finding ID: V-251550
Version: FFOX-00-000006
Rule ID: SV-251550r832305_rule
IA Controls: (none listed)
Severity: Medium

Description
Some files can be downloaded or executed without user interaction. This setting ensures these files are not downloaded and executed.

STIG: Mozilla Firefox Security Technical Implementation Guide
Date: 2022-09-09

Details

Check Text (C-54985r832304_chk)
Type "about:preferences" in the browser address bar.

Type "Applications" in the Find bar in the upper-right corner.

Determine if any of the following file extensions are listed: HTA, JSE, JS, MOCHA, SHS, VBE, VBS, SCT, WSC, FDF, XFDF, LSL, LSO, LSS, IQY, RQY, DOS, BAT, PS, EPS, WCH, WCM, WB1, WB3, WCH, WCM, AD.

If the entry exists and the "Action" is "Save File" or "Always Ask", this is not a finding.

If an extension exists and the entry in the Action column is associated with an application that executes, or can execute, the code, this is a finding.

Fix Text (F-54939r807121_fix)
Remove any unauthorized extensions from the auto-download list.
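
The manual check above can be scripted for review across many profiles. The following is an added example, not part of the STIG: it assumes the Applications list is persisted in the profile's handlers.json file with a "mimeTypes" map whose entries carry "extensions", "action" (nsIHandlerInfo codes) and an optional "ask" flag, and it conservatively reports every listed extension whose action is anything other than Save File or Always Ask.

```python
import json

# Extensions named in the Check Text (the repeated WCH/WCM collapse in a set).
STIG_EXTENSIONS = {
    "hta", "jse", "js", "mocha", "shs", "vbe", "vbs", "sct", "wsc", "fdf",
    "xfdf", "lsl", "lso", "lss", "iqy", "rqy", "dos", "bat", "ps", "eps",
    "wch", "wcm", "wb1", "wb3", "ad",
}

# nsIHandlerInfo action codes as Firefox stores them in handlers.json.
ACTIONS = {0: "Save File", 1: "Always Ask", 2: "helper application",
           3: "open in Firefox", 4: "system default application"}
COMPLIANT_ACTIONS = {0, 1}


def audit_handlers(handlers):
    """Return (mime type, listed extensions, action) for entries needing review."""
    findings = []
    for mime, entry in sorted(handlers.get("mimeTypes", {}).items()):
        exts = {e.lower().lstrip(".") for e in entry.get("extensions", [])}
        listed = sorted(exts & STIG_EXTENSIONS)
        if not listed:
            continue
        action = entry.get("action")
        # "ask": true means the user is prompted whatever the stored action is.
        if entry.get("ask") or action in COMPLIANT_ACTIONS:
            continue
        findings.append((mime, listed, ACTIONS.get(action, f"unknown ({action})")))
    return findings


def audit_file(path):
    """Audit a handlers.json file from a Firefox profile directory."""
    with open(path, encoding="utf-8") as fh:
        return audit_handlers(json.load(fh))


# Constructed sample in the handlers.json layout, not taken from a real profile.
SAMPLE = {"mimeTypes": {
    "application/pdf": {"action": 3, "extensions": ["pdf"]},
    "application/hta": {"action": 4, "extensions": ["hta"]},
    "text/vbscript": {"action": 2, "extensions": ["vbs", "vbe"],
                      "handlers": [{"name": "wscript.exe"}]},
    "application/postscript": {"action": 0, "extensions": ["ps", "eps"]},
    "application/x-bat": {"action": 4, "ask": True, "extensions": ["bat"]},
}}

if __name__ == "__main__":
    for mime, exts, action in audit_handlers(SAMPLE):
        print(f"REVIEW {mime} ({', '.join(exts)}): {action}")
```

Entries the script reports still need the reviewer's judgment on whether the associated application does or can execute the file, as the Check Text requires.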