
The operating system must prevent the execution of prohibited mobile code.


Overview

Finding ID: V-216464
Version: SOL-11.1-090100
Rule ID: SV-216464r603267_rule
IA Controls:
Severity: Medium
Description
Decisions regarding the employment of mobile code within operating systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include Java, JavaScript, ActiveX, PDF, Postscript, Shockwave movies, Flash animations, and VBScript. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed on organizational servers and mobile code downloaded and executed on individual workstations.
STIG: Solaris 11 SPARC Security Technical Implementation Guide
Date: 2022-11-18

Details

Check Text ( C-17700r371480_chk )
Determine if the Firefox package is installed:

# pkg list web/browser/firefox

If the package is not installed, this check does not apply.

If installed, ensure that it is a supported version.

# pkg info firefox | grep Version
Version: 52.5.2

If the version is not supported, this is a finding.

Ensure that Java and JavaScript access by Firefox are disabled.

Start Firefox.

In the address bar type: about:config

In search bar type: javascript.enabled

If "Value" is true, this is a finding.

In the address bar type: about:addons

Click on "I accept the risk" button.

Click on "Plugins".

If Java is enabled, this is a finding.
Fix Text (F-17698r371481_fix)
In the address bar type: about:config

Click on "I accept the risk" button.

In search bar type: javascript.enabled

Double-click javascript.enabled; the Value changes from true to false.

In the address bar type: about:addons

Click on "Plugins".

If Java is displayed, disable Java by clicking on the "Never Activate" selection.
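
The javascript.enabled part of the check can also be read from a profile on disk instead of through about:config. The script below is an added example, not part of the STIG; its function names are hypothetical, and it assumes the standard Firefox profile layout in which prefs.js stores saved preferences and user.js, when present, is applied over it at startup.

```shell
#!/bin/sh
# Added example (not STIG text). Assumption: standard Firefox profile layout,
# <profile>/prefs.js plus an optional <profile>/user.js applied on top of it.

# Print the javascript.enabled value stored in one preference file, if any.
# When the pref appears more than once, the last line is the one that counts.
pref_value() {
    [ -f "$1" ] || return 0
    sed -n 's/^[[:space:]]*user_pref("javascript\.enabled",[[:space:]]*\([a-z]*\)[[:space:]]*);.*/\1/p' "$1" | tail -1
}

# Print the effective value for a profile directory.
effective_js_enabled() {
    profile=$1
    value=true    # Firefox default: the pref is only written when changed
    for f in "$profile/prefs.js" "$profile/user.js"; do
        v=$(pref_value "$f")
        if [ -n "$v" ]; then
            value=$v
        fi
    done
    echo "$value"
}

# Return 0 when the profile passes the check, 1 when it is a finding.
check_profile() {
    if [ "$(effective_js_enabled "$1")" = "false" ]; then
        echo "PASS: $1"
        return 0
    fi
    echo "FINDING: javascript.enabled is true in $1"
    return 1
}

# Profile directories are given as arguments, e.g. ~/.mozilla/firefox/*/
if [ "$#" -gt 0 ]; then
    rc=0
    for p in "$@"; do
        check_profile "$p" || rc=1
    done
    exit "$rc"
fi
```

A profile that has never had the preference changed contains no javascript.enabled line at all, which the script reports as a finding because the default is true. The Java plugin state from about:addons is not covered here.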