Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15986 | DTBF183 | SV-16928r2_rule | Medium |
Description |
---|
A context menu (also known as a pop-up menu) is often used in a graphical user interface (GUI) and appears upon user interaction (e.g., a right mouse click). A context menu offers a limited set of choices that are available in the current state, or context, of the operating system or application. A website may execute JavaScript that can make changes to these context menus. This can help disguise an attack. Set this preference to "false" so that webpages will not be able to affect the context menu event. |
STIG | Date |
---|---|
Mozilla FireFox Security Technical Implementation Guide | 2019-12-12 |
Check Text ( C-16626r4_chk ) |
---|
Type "about:config" in the address bar of the browser. Verify that the preferences "dom.event.contextmenu.enabled" is set and locked to "false". Criteria: If the parameter is set incorrectly, then this is a finding. If the setting is not locked, this is a finding. |
Fix Text (F-15998r4_fix) |
---|
Ensure the preferences "dom.event.contextmenu.enabled" is set and locked to "false". |