
Firefox must be configured to prevent JavaScript from moving or resizing windows.


Overview

Finding ID: V-251554
Version: FFOX-00-000010
Rule ID: SV-251554r879587_rule
IA Controls: (none listed)
Severity: Medium
Description
JavaScript can make changes to the browser's appearance. This activity can help disguise an attack taking place in a minimized background window. Configure the browser setting to prevent scripts on visited websites from moving and resizing browser windows.
STIG Date
Mozilla Firefox Security Technical Implementation Guide 2023-06-05

Details

Check Text ( C-54989r807132_chk )
Type "about:policies" in the browser address bar.

If "dom.disable_window_move_resize" is not displayed with a value of "true", this is a finding.
Fix Text (F-54943r807133_fix)
Windows group policy:
1. Open the group policy editor tool with "gpedit.msc".
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Mozilla\Firefox\
Policy Name: Preferences
Policy State: Enabled
Policy Value:
{
  "dom.disable_window_move_resize": {
    "Value": true,
    "Status": "locked"
  }
}

macOS "plist" file:
Add the following:
<key>Preferences</key>
<dict>
  <key>dom.disable_window_move_resize</key>
  <dict>
    <key>Value</key>
    <true/>
    <key>Status</key>
    <string>locked</string>
  </dict>
</dict>

Linux "policies.json" file:
Add the following in the policies section:
"Preferences": {
  "dom.disable_window_move_resize": {
    "Value": true,
    "Status": "locked"
  }
}
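
Added example (not part of the STIG text): a Python check that a "policies.json" document carries the preference in the form the fix text gives, for auditing hosts without opening "about:policies" on each one. The function name and the sample documents are constructed for illustration; it treats a string "true" or a "Status" other than "locked" as a deviation.

```python
import json

PREF = "dom.disable_window_move_resize"  # preference named in the check text


def audit_policies(text):
    """Return a list of problems; an empty list means the fix text is met."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"policies.json is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    policies = doc.get("policies")
    if not isinstance(policies, dict):
        return ['no "policies" object']
    prefs = policies.get("Preferences")
    if not isinstance(prefs, dict):
        return ['no "Preferences" object under "policies"']
    entry = prefs.get(PREF)
    if not isinstance(entry, dict):
        return [f"{PREF} is missing or not a Value/Status object"]
    problems = []
    # Require the JSON boolean true; the string "true" or the number 1 fails.
    if entry.get("Value") is not True:
        problems.append(f'Value is {entry.get("Value")!r}, expected JSON true')
    # The fix text locks the preference so a user cannot change it back.
    if entry.get("Status") != "locked":
        problems.append(f'Status is {entry.get("Status")!r}, expected "locked"')
    return problems


# Constructed sample documents (not taken from any real host).
COMPLIANT = ('{"policies": {"Preferences": {"dom.disable_window_move_resize":'
             ' {"Value": true, "Status": "locked"}}}}')
STRING_VALUE = ('{"policies": {"Preferences": {"dom.disable_window_move_resize":'
                ' {"Value": "true", "Status": "default"}}}}')
MISSING = '{"policies": {"DisableTelemetry": true}}'

if __name__ == "__main__":
    for name, sample in [("compliant", COMPLIANT),
                         ("string value", STRING_VALUE),
                         ("missing", MISSING)]:
        print(name, "->", audit_policies(sample) or "OK")
```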