The Firefox browser home page is not set to blank or a trusted site.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15990 | DTBF017 | SV-16932r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The browser home page parameter specifies the web page that is to be displayed when the browser is started explicitly and when product-specific buttons or key sequences for the home page are accessed. This helps to mitigate the possibility of automatic inadvertent execution of script added to a previously safe site. |
| STIG | Date |
|---|---|
| Mozilla FireFox | 2014-07-03 |
Details
| Check Text ( C-24153r1_chk ) |
|---|
| Type "about:config" in the address bar of the browser. Verify that the preference "browser.startup.homepage" is set and locked to blank or an authorized and trusted website such as "https://www.us.army.mil/suite/page/429668" Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, then this is a finding. |
| Fix Text (F-20405r1_fix) |
|---|
| Ensure the preference "browser.startup.homepage" is set and locked to blank or the URL for a .mil or other trusted website. |